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CHAPTER  1 


STATEMENT  OF  PROBLEM 

1.1  OBJECTIVES  AND  MOTIVATION 

The  objectives  of  the  research  and  development  undertaken 
in  this  work  lie  within  the  scope  of  total  automation  of 
software  developement  for  automatic  test  equipment.  This 
report  is  concerned  with  the  concept  of  automation  of  test 
design  for  diagnosing  and  isolating  faulty  circuit 
components  or  subcircuits  in  electronic  analog  circuits. 

The  design  of  diagnostic  and  fault  isolation  tests  is 
widely  recognized  as  a conceptually  difficult  but  integral 
part  of  electronic  equipment  design.  The  complex  design 
task  is  further  compounded  by  the  need  to  use  computer 
controlled  automatic  test  equipment  which  performs  the 
testing  repetitively  in  production  or  maintenance 
environments. 

The  introduction  of  a computer  to  the  testing  process 
necessitates  the  preparation  of  a new  computer  program  for 
each  different  unit  under  test  (UUT) . Even  slight 
modifications  in  the  circuit  design  or  in  the  failures  of  a 
UUT  may  require  the  generation  of  a totally  different  test 
program. 

The  automation  of  the  design  and  programming  of  tests  for 
digital  circuits  has  received  considerable  attention.  There 
are  several  commercially  available  automatic  test  program 
generation  systems  for  digital  circuits.  CAPS-VIII  by 


GenRad,  TESTAID-III  by  Hewlett-Packard,  D-LASAR  by  Digitest, 
CC-TEGAS3  by  Control  Data  Cybernet  Service  and  FLASH  by 
Micro  Systems  are  some  of  the  well  xnown  systems.  Perhaps 
the  success  and  wide  acceptance  of  digital  test  equipment  is 
primarily  due  to  the  availability  of  automatic  test  program 
generators.  Much  less  effort  has  been  spent  on  analog  fault 
diagnosis  and  isolation,  and  even  less  on  hybrid  circuit 
(circuits  consisting  of  analog  and  digital  subcircuits). 

There  are  many  techniques  proposed  for  detecting  failures 
in  analog  circuits  ( 1 ) . Very  few  of  them  have  actually 
been  programmed  for  use  with  automatic  test  systems.  A 
company  which  reportedly  developed  such  a system  was  not 
willing  to  provide  more  information  on  the  methodology  they 
used.  There  is  no  reference  to  the  success  or  failure  of 
this  system  ( 2 ].  Only  two  computer  aided  network  analysis 
programs  have  the  built-in  capability  failure  analysis 
(ASTAP  by  IBM  and  UCCAP  by  University  Computing  Company). 
These  circuit  analysis  programs  have  very  limited  failure 
analysis  capability.  They  are  primarily  directed  toward  the 
problem  of  circuit  design  rather  than  testing. 

A large  number  of  digital  circuit  design  and  test 
programs  were  developed  by  ATE  manufacturers  for  the  purpose 
of  producing  test  programs  economically  and  making  ATE  more 
attractive  to  potential  users.  However,  none  of  the  circuit 
analysis  programs  were  developed  by  ATE  manufacturers.  This 
explains  why  computer-aided  design  has  not  found  direct 

application  in  the  generation  of  analog  test  programs. 
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For 


a long  time  it  has  been  accepted  that  analog  circuit  test 
programs  could  generally  be  prepared  in  a time  and  cost  that 
the  market  could  accept.  Recently  this  justification  has 
become  obselete  because  of  rising  labor  costs.  It  is 
estimated  that  80%  of  all  maintenance  costs  consist  of  labor 
expenses  while  only  20%  are  due  to  replacement  parts  [ 3 ]. 
The  U.S.  Defense  Department  spends  annually  on  maintenance 
and  support  an  excess  of  one  third  of  the  amount  spent  on 
procurement  of  electronic  equipment  [ 4 ] . According  to  the 
U.S.  Navy  one  way  of  reducing  this  cost  disproportion  is  to 
simplify  design,  introduce  modular  concepts,  minimize 
software  complexity,  and  increase  online  testing  with  the 
use  of  automatic  test  equipment  [ 4 ].  Consequently, 
automatic  testing  and  the  programming  of  techniques  for 
analyzing  and  isolating  component,  subsystem,  and  system 
faults  quickly  and  with  minimal  human  intervention  have 
emerged  as  a means  of  reducing  costs. 

Several  recent  papers  acknowledge  the  fact  that,  to  date, 
there  are  no  automatic  test  program  generation  systems  for 
analog  circuits  [ 2,  4,  5,  6 ].  A survey  conducted  by  IE£C 
in  1975  among  5000  automatic  test  system  users  indicated 
that  more  than  one  half  of  them  expected  new  developments  in 
automatic  test  program  generation  and  fault  diagnosis  and 
isolation  programs  for  the  future  ATE  [51.  About  one 
fourth  of  the  users  anticipated  that  advances  in  automatic 
test  program  generation  systems  will  have  the  greatest 
impact  on  future  ATEs.  Some  of  the  other  results  of  this 
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survey  of  interest  to  this  work  are  as  follows:  (1)  All  of 
the  users  expressed  an  interest  in  the  standardization  of 
automatic  test  programming  languages.  (2)  All  of  the  users 
felt  that  the  needs  of  testing  complex  devices  and  systems 
are  not  satisfied  by  the  present  ATE  technology.  (3)  Only 
about  5%  of  the  users  anticipated  progress  in  computer-aided 
design  and  signal  analysis.  The  last  statistic  alone 
indicates  that  the  advances  made  in  computer-aided  network 
analysis  has  reached  saturation.  The  other  statistics  are 
indicative  of  the  need  and  the  interest  in  automatic  test 
program  generation  systems. 

The  methods  currently  employed  in  analog  test  design  are 
ad  hoc  and  unsatisfactory.  For  instance,  studies  during  the 
course  of  this  research  indicated  that  25%  of  the 
catastrophic  failures  of  components  could  not  be  detected  by 
manufacturer  specified  functional  tests  [ 7 ].  Also  the 
methods  used  to  date  for  preparing  ATE  programs  are 
considerably  behind  general  computer  software  technology  in 
other  computer  application  areas.  This  is  in  contrast  with 
significant  advances  being  made  in  ATE  hardware  area.  The 
developments  in  hardware  are  observed  as  major  reductions  in 
cost  and  in  improved  transportability. 

It  is  evident  that  the  design  and  programming  tasks 
represent  a major  impediment  in  the  critical  path  to 
employing  automatic  test  equipment.  The  need  of  reducing 
human  activity  in  preparing  and  executing  test  programs  to 
check  the  performance  of  devices  is  well  recognized  and 
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requires  no  further  justification 


1.2  CONTRIBUTIONS 

The  contributions  of  the  methodology  developed  are 
two-fold.  The  first  contribution  is  in  the  area  of 
electrical  engineering.  It  enables  the  circuit  design 
engineer  to  evaluate  the  circuit  design,  understand  the 
symptoms  of  failure,  and  generate  test  specifications 
automatically.  It  introduces  the  concept  of  nonprocedural 
test  specification  into  test  design.  Shannon's  entropy 
measure  of  information  content  is  extended  to  be  a figure  of 
merit  in  selecting  a minimal  number  of  tests.  A simple 
tabular  form  is  developed  to  specify  the  test  objectives  in 
fault  isolation  to  grade  the  quality  of  a test  program. 

The  methodology  and  its  computer  implementation  (FITS)  is 
a novel  approach  to  automatic  test  programming.  An 
extensive  literature  survey  indicates  that  this  is  the  first 
completed  system  which  takes  the  circuit  description  of  an 
analog  circuit  as  input  and  produces  its  test  specifications 
as  output  automatically. 

The  second  contribution  is  in  computer  science  and 

relates  to  automatic  programming.  When  the  top  and  bottom 

parts  of  the  NOPAL  system  are  viewed  together,  they  exhibit 

an  elegant  example  of  an  automatic  program  generating 

software  system.  The  minimal  input  required  of  the  user  is 

accepted  in  a problem  oriented  specification  language.  The 
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output  of  the  system  is  a computer  program  which  can  be 
executed  in  conjunction  with  automatic  test  systems.  There 
is  no  programming  knowledge  and  experience  required  from  its 
users. 

Some  more  of  the  application  oriented  contributions  and 
the  capabilities  of  the  methodology  developed  are  summarized 
below: 

1.  The  system  is  adaptive  to  the  proficiency  of  the  user. 
The  man-machine  interaction  is  provided  through  a simple 
circuit  description  language.  The  internal  results  and 
outputs  of  the  system  are  always  presented  in  simple 
tabular  forms  to  enhance  comprehension  and  enable 
restart  procedures.  A proficient  user  can  provide  more 
information  and  guide  the  operation  of  the  system. 

2.  Designing  tests  with  this  system  does  not  require 

special  training.  The  system  can  be  used  by  a 

technician  having  minimal  training  in  electronics.  The 
technician  need  not  have  any  computer  programming 

experience  nor  need  understand  the  internal  operation  of 
the  system. 

3.  The  likelihood  of  human  design  error  in  testing  is 

lessened. 

4.  Tests  designed  by  test  engineers  tend  to  use  special 

interfaces  and  additional  components;  on  the  other  hand, 
the  tests  produced  by  this  system  do  not  use  special 


interfaces  unless  they  are  included  as  parts  of  user 
defined  test  strategies. 

5.  The  system  selects  and  uses  the  most  effective  test 
terminals  automatically.  If  the  user  has  no  idea  of 
which  circuit  nodes  to  make  available  as  external  test 
terminals,  then  the  system  may  be  defaulted  to  select  a 
minimal  number  of  different  test  terminals  while 
minimizing  the  number  of  different  test  setup 
configurations. 

6.  The  failures  of  a UUT  may  involve  topological  or  value 
changes  in  the  circuit  description.  Cascaded  or 
multiple  failures  can  be  diagnosed  and  isolated  if  they 
can  be  defined  as  changes  to  the  nominal  circuit 
description. 

7.  Component  and  test  device  tolerances  are  taken  into 
consideration. 

8.  All  numerical  analyses  are  performed  before  the  test 
specifications  are  produced.  No  time  consuming 
computation  has  to  be  done  during  actual  testing.  The 
test  program  generated  can  be  used  in  a production 
environment  where  the  test  time  duration  is  an  important 
consideration. 

9.  The  influence  of  environmental  conditions  such  as 
temperature,  thermal  noise,  and  radiation  may  be 

included  in  the  failure  analysis. 
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10.  If  the  user  was  not  able  to  define  some  of  the  possible 
failures  or  made  errors  in  modellinq  the  UUT,  then  some 
of  these  conditions  can  be  detected  during  testing  by 
special  provisions  in  the  test  specifications. 

11.  As  new  failures  of  a UUT  are  discovered  or  eliminated^ 
new  test  programs  can  be  easily  generated. 

12.  Since  the  test  program  is  generated  automatically/  there 
are  no  syntactical  and  programming  logic  errors. 

13.  The  tests  generated  by  the  system  are  modular, 
incremental*  and  nonprocedural.  Modularity  means  that 
each  test  specification  is  independent  of  others  and  can 
be  usefully  executed  by  itself.  Incrementality  means 
that  new  test  specifications  can  be  added,  or  some  of 
the  existing  ones  can  be  deleted  from  the  specified  set. 
The  net  effect  is  to  increase  or  to  decrease  the  level 
of  fault  isolation  capability,  respectively. 
Nonproceduralness  means  that  these  tests  may  be  executed 
in  any  sequence  with  no  effect  on  fault  isolation  logic. 
The  test  execution  sequence  is  a function  of  component 
protection,  interactiveness  or  efficiency,  and  it  is  not 
dependent  on  fault  isolation  logic. 
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1.3  Ocganization 


This  report  is  organized  in  seven  chapters.  Chapter  1 
contains  the  statement  of  the  problenir  objectives,  and  the 
motivation  for  the  research.  It  concludes  with  the 
contributions  this  research  has  brought  to  electrical 
engineering  and  computer  science. 

In  Chapter  2 the  state  - of-the-  art  is  reviewed  with  an 
extensive  list  of  references.  It  contains  a synopsis  of  the 
survey  papers  and  reports,  fault  isolation  techniques, 
software  and  hardware  related  to  automatic  testing  systems. 

In  Chapter  3 an  overview  of  the  automatic  test  program 
generation  concept  is  given  in  view  of  the  NOPAL  system.  It 
is  concluded  with  a discussion  of  the  advantages, 
disadvantages  and  the  computer  system  requirements  of  the 
FITS  methodology  and  its  program. 

In  Chapter  4 the  operation  of  the  FITS  system  is 
described  with  the  inputs  to  the  programs,  the  processes 
that  take  place,  and  the  outputs  produced.  This  chapter 
also  includes  an  example  of  automatic  test  specification  for 
an  analog  circuit. 

In  Chapter  5 some  of  the  basic  problems  associated  with 
preparing  test  programs  are  brought  to  the  attention  of  the 
reader.  The  decisions  made  in  this  implementation  are  also 
given. 

Chapter  6 gives  the  top  level  description  of  the  programs 
found  in  the  FITS  system.  The  programs  are  described  in 
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sufficient  detail  to  familiarize  the  reader  with  the 
procedures  so  that  the  FORTRAN  implementation  can  be  read 
comfortably. 

The  last  chapter  (Chapter  7)  concludes  the  report  by 
pointing  out  the  significant  aspects  of  the  system.  A 
software  system  of  this  magnitude  can  never  be  considered 
complete.  Section  7.2  of  this  chapter  proposes  ideas  for 
future  research. 

Appendix  A contains  the  user's  guide  to  the  FITS  system. 
Appendix  B gives  the  extended  BNF  representation  of  the 
NOPAL  language.  Appendix  C is  the  table  of  contents  of  the 
system  tape.  There  is  a computer  tape  which  is 
available  separately  from  the  project.  This  tape  contains 
job  control  statements,  source  and  object  codes  for  the  top 
part  of  the  NOPAL  system  for  the  IBM/370  computers. 
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CHAPTER  2 
STATE-OF-THE-ART 


1 

1 

There  is  a vast  amount  of  literature  which  relates  to  the 

fault  isolation  techniques  used  in  electronics.  This  { 

i 

chapter  contains  a synopsis  of  some  of  the  relevant  j 

publications.  Digital  fault  diagnosis  and  isolation 
techniques  are  not  included  here  because  this  work  is 
restricted  to  analog  circuits  only.  Four  books  on  fault 
detection  and  diagnosis  in  digital  circuits  [ 8-11  1 and 
several  IEEE  Transactions  on  Computers  special  issues  on 
fault-tolerant  computing  ( 12,  13  j discuss  the  topic  in  depth 
and  provide  a large  number  of  references. 

The  state-of-the-art  in  automatic  analog  testing  is  surveyed 
in  two  parts.  The  first  part  relates  to  fault  isolation 
techniques  and  ATE  software  (Sections  2.1  through  2.4).  The 
second  part  relates  to  ATE  hardware  (Section  2.5).  The 
survey  papers  and  reports  are  given  in  Section  2.1.  Fault 
diagnosis  and  isolation  techniques  are  reviewed  in  Section 
2.2.  It  is  followed  by  a list  of  the  better  known  ATE 
programming  languages  in  Section  2.3.  Finallyi  the  handbooks 
related  to  the  topic  are  referenced  in  Section  2.4.  Section 
2.5  contains  a short  survey  of  ATE  hardware. 
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2.1  Survey  Papers  and  Reports 


I "Survey  of  Current  Fault  Isolation  Techniques"  (14  ] 

contains  a brief  but  complete  synopsis  of  the  pioneering 
work  done  in  the  field  until  1962,  "The  Formulation  of 
Automatic  Checkout  Techniques"  [ IS  1 reviews  several  fault 
isolation  techniques  with  emphasis  on  the  techniques  for 
interpreting  the  test  results  and  optimization  of  test 
, procudures  rather  than  the  derivation  of  tests. 

In  a NASA  report  titled  "Fault  Isolation  Computer 
Methods"  (1972),  67  papers  are  surveyed  and  classified  under 
ten  methods  ( 16  ] . This  classification  is  followed  in 
Section  2.2.  This  report  is  a uniform  presentation  of  some 
of  the  well  known  fault  isolation  techniques.  Each  method 
is  presented  as  follows.  First,  a general  description  of 
the  method  is  given.  It  is  followed  by  a computer 
application  example  and  discussion  of  the  results.  The 
types  of  circuits  and  the  failures  which  may  be  detected  ace 
also  described.  Finally  the  computer  requirements  are 
given. 

A collection  of  papers  relating  to  hardware,  software, 
and  management  aspects  of  automatic  test  equipment  was 
edited  by  Liguori  and  published  by  IEEE  Press  in  1974 
( 17  ),  It  represents  a broad  survey  of  the  state  of  art  in 
automatic  test  systems. 

Several  articles  published  in  IEEE  Spectrum  also  survey 

ATE  systems.  An  article  by  Eleccion  published  in  August 

I 

1974  ( 18  ] reviews  the  economical  implications  of  using  ATE 

i 
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and  describes  some  of  the  military  ATE  hardware.  A second 
article  published  in  the  next  issue  is  tutorial  in  nature 
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( 19  ] . The  June  1976  issue  contains  the  results  of  a 

survey  taken  among  5000  ATE  users  [20  ] . 

"Circuits  Manufacturing"  - a monthly  magazine  of 
electronics  production,  assembly  and  test  - contains 
articles  about  ATE  in  about  every  issue  [ 21  ] . The 
magazine  emphasizes  digital  test  systems;  nevertheless,  it 
is  a good  source  to  follow  the  recent  developments  in  ATE 
products.  The  June  1974  issue  contains  a survey  of  over  50 
automatic  test  systems,  and  the  January  1977  issue  contains 
a long  list  of  test  equipment  manufacturers. 

2.2  Analog  Fault  Isolation  Methods 

1.  The  classification  method  is  based  on  recognizing 

I 

regions  of  measurements  of  normal  or  malfunctioning 
operation  of  the  system  [22  ] . The  PITS  methodology 

can  be  classified  under  this  method. 


2.  The  key  element  search  method  finds  the  most  likely  ! 

faulty  component  by  determining  a smallest  index  for 

each  component  where  the  index  is  a function  of  the 
measurements  and  of  only  one  component  failure  [ 23  ] . 

3.  The  iterative  method  is  based  on  the  idea  that  the 

— — ■ ■■■■!'  I 

topology  of  the  circuit  and  the  component  values  are  i 

( 

I 

known  at  some  time  before  testing,  but  the  failure  j 
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functions  (component  value  changes  only)  are  unknown 
during  testing  ( 24,  25  ].  The  most  likely  failure  is 

found  by  performing  computer  simulation  while  changing 
the  component  values  to  match  measurements  obtained 
during  testing. 

4,  The  transfer  function  method  is  divided  into  two 

techniques.  The  first  technique  uses  the  Bode  diagram 
to  obtain  failure  symptoms  in  the  frequency  domain.  The 
difference  between  gains  is  used  to  identify  the  faulty 
component  ( 26,  27  ] . The  second  technique  uses  the 

concept  of  tracking  the  transfer  function  of  the  system. 
The  coefficients  of  the  transfer  function  are  used  in  a 
mathematical  relationship  to  determine  the  faulty 
component  ( 28,  29  ) . 

5.  The  scalar  remnant  method  defines  a scalar  performance 
indicator  which  is  positive  when  the  coefficients  of  the 
differential  equation  describing  the  system  are  within 
prescribed  tolerances;  otherwise  it  is  negative^ 
indicating  a malfunction  ( 30  ] . 

6,  The  inverse  probability  method  uses  the  difference 

between  actual  measurements  and  the  nominal  measurement 
to  calculate  a probability  measure  to  indicate  the  most 
likely  failure  (31  ] , 

7.  The  power  spectra  method  is  based  on  finding  the 
transfer  function  through  the  calculation  of  the  power 
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spectra  to  determine  if  the  system  is  operating 
nominally  | 32,33  j, 

8,  The  parameter  identification  method  identifies  the 

coefficients  of  the  transfer  function  of  the  system. 
The  output  of  the  UUT  is  related  to  the  output  of  the 
orthogonal  filters  which  are  excited  by  the  same 
stimulus  as  the  circuit  (34  1 . These  coefficients  are 

compared  to  find  the  failures. 

9,  The  maximum  current  method  is  based  on  finding  the 

majority  current  path  of  the  circuit  to  identify  the 
faulty  components  along  this  path  ( 35  1. 

10,  The  dynamic  system  testing  method  uses  measurements  of 
the  transient  response  of  the  system  to  determine  if  the 
response  is  within  acceptable  limits  ( 3^  1, 


2.3  Analog  Test  Programming  Languages 

One  of  the  earlier  test  programming  languages,  PLACE 
(Programming  Language  for  Automatic  Checkout  Equipment),  was 
developed  by  the  U.S.  Air  Force  to  be  used  with  AN/GJQ-9, 
AN/APQ,  AN/GSM-133  and  AN/GSM-204  (v)  test  equipment  (3-’  ]. 

A volunteer  committee  organized  mainly  through  ARINC 
(Aeronautical  Radio  Inc.)  proposed  ATLAS  (Abbreviated  Test 
Language  for  All  Systems  - ARINC  Soecif ication  416-5) 
r 38  ] . ATLAS  is  a standard  abbreviated  language  for 


writing  test  procedures  which  can  be  implemented  using 
either  manual  or  automatic  test  equipment.  The  language  is 
intended  for  defining  test  requirements  with  no  references 
to,  or  dependence  on  the  test  equipment  used.  ATLAS  has 
found  wide  acceptance  among  airlines  ( 39,  40  ] , aerospace 
companies,  instrument  manufacturers  and  the  military.  It  is 
suggested  as  an  industry  standard.  Both  the  U.S.  Navy  and 
U.S.  Air  Force  have  adopted  ATLAS  as  their  interim  standard 
for  ATE. 

On  the  other  hand,  the  U.S.  Army  has  proposed  OPAL 
(Operational  Performance  Analysis  Language)  ( 41  ] , it  has 
been  predicted  that  soon  the  better  features  of  OPAL  and 
ATLAS  will  be  merged  to  define  Department  of  Defense 
standard  test  language  ( 20  ) . The  Automatic  Program 
Generation  Project  at  the  University  of  Pennsylvania  has 
proposed  NOPAL  as  a nonprocedural  test  specification 
language  { 42,  43  ] , 

RCA  has  developed  a compiler  called  UTEC  (Universal  Test 
Equipment  Compiler)  I 44  ) , It  is  a general  purpose 
compiler  which  accepts  ATE  and  source  language  descriptions 
and  produces,  as  output,  an  object  program  from  the  source 
language  test  program. 

At  Hewlett-Packard,  test  programs  are  written  in  modified 
ATLAS  which  is  compiled  into  an  intermediate  language  called 
ATS-BASIC  to  be  used  with  their  test  systems  {45  ]. 
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2.4  Handbooks 


"Program  Design  Handbook  For  Automatic  Test  Equipment"  by 
RCA  Aerospace  Systems  is  an  excellent  instruction  book  about 
writing  test  programs.  No  specific  ATE  or  programming 
languages  are  endorsed.  It  is  a result  of  many  years  of 
experience  with  test  programming  (46  ] . 

There  are  two  significant  handbooks  which  summarize  the 
electronic  failure  rate  data.  Useful  information  on  failure 
rates  can  be  found  in  "Reliability  Stress  and  Failure  Rate 
Data"  MIL-HDBK  217B  ( 47  ] . Another  useful  source  is  the 
"Failure  Rate  Data  Book"  FARADA  which  includes  information 
on  the  total  number  of  tests,  number  of  failures,  source  of 
data  and  the  environment  (48  ] , 

"Probabilistic  Reliability  - ^ Engineering  Approach*  by 
Shooman  is  a standard  reference  in  reliability  analysis 
( 49  1 . It  also  includes  a short  discussion  of  the  failures 
found  in  analog  circuits. 


2.5  ATE  Hardware 

A recent  buyer’s  guide  published  in  Circuits 
Manufacturing  (January  1977  ( 50  1 ) lists  over  200 
manufacturers  producing  general  and  special  purpose  test 
equipment.  A large  number  of  automatic  test  equipment  and 
their  capabilites  are  listed  in  Circuits  Manufacturing  June 
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1974  { 51  ),  Some  of  the  larger  ATE  are  listed  below. 

SCATE  MARK-VI  by  General  Dynamics  is  a large  general 
purpose  automatic  test  system  [ 52  ] , it  was  originally 
developed  to  test  the  P-111,  It  is  now  being  marketed  for 
testing  analog,  digital,  navigational  and  communication 
systems.  ATLAS  is  the  standard  programming  language. 

HP9500  series  automatic  test  systems  by  Hewlett-Packard 
ii.  by  far  the  largest  and  most  flexible  system  on  the  market 
today  t 53  ] , It  is  a general  purpose  test  system  for 
analog,  digital  and  mechanical  devices.  HP  ATS-BASIC  is  the 
standard  programming  language. 


Another  large 

analog 

and 

digital  test 

system 

is 

the 

EQUATE  NAP I -ATE 

supplied 

by 

RCA  [ 54  J, 

ATLAS 

is 

the 

standard  programming  language. 
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CHAPTER  3 


1 


I OVERVIEW  OF  AUTOMATIC  TEST  PROGRAMMING 

This  chapter  gives  an  overview  of  the  operations  and  the 
methodology  employed  in  a computer  aided  test  design  system 
(PITS)  which  generates  tests  to  diagnose  and  isolate 
' failures  in  analog  circuits.  These  tests  are  intended  to  be 

incorporated  into  a computer  program  which  will  perform 
fault  diagnosis  and  isolation  with  computer  controlled 
automatic  test  equipment. 

Section  3.1  presents  a brief  description  of  the  automatic 
testing  concepts.  In  Section  3.2  automatic  test  program 
generation  is  described  in  the  context  of  the  NOPAL  system. 
Section  3.3  contains  a short  description  of  the  NOPAL 
language.  Section  3.4  presents  the  development  history  of 
the  NOPAL  system.  In  Section  3.5  some  of  the  advantages  and 
disadvanges  of  the  FITS  system  are  discussed.  Finally,  in 
Section  3.6  the  computer  system  requirements  to  execute  the 
FITS  system  on  different  computer  installations  are 
described. 
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3.1  Automatic  Testing  Environment 


In  the  context  of  this  work,  a test  means  a process  to  be 
performed  to  obtain  information  about  the  performance  of  a 
component  or  device.  A component  may  be  a simple  two 
terminal  artifact  such  as  a resistor  or  diode.  A device  may 
be  a circuit  board,  a module  of  an  electronic  assembly,  or  a 
complete  unit  such  as  a radio  set.  Whether  it  is  a basic 
electronic  component,  or  a complex  device  which  is  to  be 
tested,  it  is  called  a unit  under  test  (UUT) . 

There  are  essentially  two  purposes  of  testing:  (1) 
Functional  testing  has  the  purpose  of  determining  whether 
the  UUT  is  operational  or  not  (fault  diagnosis) . The  UUT  is 
then  classified  as  good  or  bad.  (2)  Testing  for  fault 
isolation  has  the  purpose  of  aiding  in  repair.  In  this  case 
testing  is  directed  towards  identifying  the  faulty  component 
in  a bad  UUT  (fault  isolation) . 

Testing  may  be  performed  manually  or  automatically.  In 
manual  testing , a test  technician  uses  individual  pieces  of 
test  equipment  such  as  power  supplies,  signal  generators, 
oscilloscope,  voltmeter,  ohmmeter,  and  a collection  of  clip 
leads  to  connect  the  test  devices  to  the  UUT.  The 
technician  may  be  provided  with  a test  protocol  which 
contains  instructions  on  how  to  use  the  test  equipment  and 
how  to  evaluate  the  results  obtained. 

In  automatic  testing , a test  procedure  is  performed  with 
the  aid  of  a computer.  The  UUT  is  connected  to  the  test 

equipment  through  a switching  system , and  interface  if 
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necessary 


The  test  protocol  a test  technician  uses  is 


replaced  by  a computer  test  program. 

The  essential  constituents  of  automatic  test  equipment 
(ATE)  are  shown  in  Figure  3.1.  Automatic  testing  starts 
after  connecting  the  OUT  to  the  test  equipment  through  an 
interface.  OUT-ATE  interface  provides  the  means  of 
connecting  the  OUT  to  the  test  equipment  should  their 
connecting  points  (terminals)  be  not  compatible.  After  the 
OUT  is  properly  identified,  testing  starts.  Under  the 
control  of  the  test  program,  the  computer  sends  instructions 
to  the  switching  unit  to  provide  the  routing  of  the  signals 
between  the  test  devices  and  the  UUT  by  setting  up 
connections  between  their  terminals  (test  setup) . There  are 
two  types  of  test  devices:  (1)  stimulus  devices  are  those 
devices  which  generate  stimuli,  such  as  power  supplies, 
waveform  generators,  and  external  loads,  and  (2)  measurement 
devices  are  those  devices  which  quantify  the  response  of  a 
UUT  to  stimuli.  The  response  of  a UUT  may  be  a directly 
measurable  physical  quantity  such  as  voltage,  or  it  may  be  a 
derived  quantity  from  physical  measurements  such  as 
resistance,  complex-impedence,  power-gain,  or  phase-shift. 

In  automatic  testing,  control  signals  from  a digital 
computer  can  automatically  set  the  programmable  test  devices 
to  the  desired  functions  with  the  proper  scale.  After  a 
stimulus  device  is  instructed  to  provide  a stimulus,  the 
requested  stimulus  is  sent  through  the  established  route  in 
the  switching  unit  to  the  UUT.  A command  to  the  measurement 
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device  causes  a measurement  to  be  taken  at  the  selected  UUT 
terminal.  In  most  cases,  the  measurement  obtained  can  be 
represented  by  a single  number.  The  term  measurement  is 
used  to  mean  either  the  physical  test  setup  situation,  or 
the  number  indicating  the  value  of  the  measurement  taken. 
In  context,  the  usage  of  this  term  is  unambiguous.  The 
measurement  taken  is  then  transferred  to  the  computer  and 
compared  to  predetermined  test  limits.  If  the  measurement 
is  within  the  specified  limits  for  that  test,  then  the 
instructions  in  the  "go"  path  are  performed.  If  the 
measurement  obtained  is  beyond  the  measurement  limits,  then 
the  "no-go"  path  is  taken.  Following  the  instructions  of 
the  test  outcome,  the  ATE  either  rearranges  to  a new  test 
setup,  or  sends  a message  to  the  ATE  operator.  A new  setup 
may  involve  a rearrangement  in  the  switching  system,  and 
changing  of  the  stimulus  and  measurement  devices.  A message 
to  the  operator  may  contain  diagnostic  information  or  it  may 
request  intervention.  Automatic  testing  proceeds  according 
to  the  next  instruction  of  the  test  program. 

It  is  the  primary  concern  of  this  report  to  show  how  test 
specifications  to  diagnose  and  isolate  failures  in  analog 
circuits  are  designed  automatically.  Another  report 
describes  how  these  test  specifications  are  put  into  an 
effici^t  execution  sequence  and  written  in  the  OPAL  test 
programming  language  [ 55]. 
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Figure  3.1  Essential  Constituents  of  ATE 


3.2  Automated  Test  Design  and  Programming 


There  are  three  significant  phases  in  test  program 
preparation;  (1)  test  requirements  documentation,  (2)  test 
program  generation,  and  (3)  design  verification  using  test 
equipment.  Figure  3,2  illustrates  these  phases  and  the 
documentation  produced. 

The  first  phase  in  test  design  is  concerned  with  the  test 
requirements  documentation.  In  this  phase,  a description  of 
the  problem  to  be  solved  is  documented  by  the  circuit 
description  of  the  OUT,  expected  failures,  available  test 
terminals  and  by  the  test  objectives  in  terms  of  the  desired 
level  of  fault  isolation. 

Test  requirements  change  according  to  the  characteristic 
failures  found  during  the  UUT's  design,  manufacturing,  and 
maintenance  stages,  and  according  to  the  desired  level  of 
fault  diagnosis  and  isolation  at  each  stage.  The  design, 
manufacturing,  and  maintenance  stages  are  known  as  the  life 
cycle  of  a UOT. 

During  the  design  stage,  the  primary  concern  is  to 
provide  testability  to  the  UUT,  Testability  refers  to  the 
capability  to  determine  whether  the  UUT  is  operational  or 
not,  and  if  it  is  not  operational,  the  ability  to  find  which 
component  or  groups  of  components  have  failed.  To  achieve 
this  effect,  access  to  suitable  test  terminals  is  necessary. 
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Figure  3.2  Phases  in  Test  Prognuii  Generation 
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During  the  manufacturing  stage,  in  addition  to  the 
typical  component  failures  which  may  exist  in  the  incoming 
component  lots  from  manufacturers , predictable  production 

line  failures  may  be  present  in  the  UUT,  These  failures  may  j 

be  due  to  wrong  wiring  or  to  "shorts"  typical  of 

flow-soldering  {wave  soldering)  techniques. 

During  the  maintenance  stage,  the  failures  of  components  ? 

may  be  due  to  aging,  degradation  of  properties  or  ] 

j catastrophic  changes  in  component  values.  Ability  to 

describe  the  possible  failures  which  may  occur  during  the 

life  cycle  of  the  UUT  directly  affects  the  quality  level  of 
the  test  program  generated.  Because  the  failure  definitions 
and  the  test  objectives  during  each  life  cycle  of  a UUT  may 
be  different,  it  is  desirable  to  have  a separate  test 
program  for  each  life  cycle  of  the  UUT. 

Other  considerations  in  determining  test  design 

requirements  may  be  the  detection  and  prevention  of  cascaded 
or  multiple  failures,  and  detection  of  the  overstressed 
components  after  the  first  failure. 

Test  program  generation  starts  after  the  test 

requirements  are  determined.  This  phase  is  shown  in  the 
central  box  in  Figure  3.2.  Based  on  the  UUT  design 

information,  the  NOPAL  (nonprocedural  OPAL)  automatic  test 
program  generation  system  produces  an  object  program  in  OPAL 
(Operational  Performance  Analysis  Language)  ( SS  1.  The  main  | 

advantage  of  OPAL  over  earlier  test  programming  languages  I 

I 

I (such  as  ATLAS  ( S6  1)  is  the  facility  for  modular 
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development  of  test  programs.  The  test  modules  can  be 
developed  and  shared  by  different  programmers. 

The  NOPAL  system  consists  of  top  and  bottom  parts.  Each 
one  of  these  parts  is  independent  of  the  other  and  could  be 
usefully  employed  by  itself.  The  top  part  is  used  to  design 
test  specifications  to  diagnose  and  isolate  the  failures  of 
a prospective  UUT.  The  bottom  part  accepts  the  test 
specifications  generated  by  the  top  part  as  input  and  puts 
them  into  an  efficient  execution  sequence.  The  output  is  a 
test  program  in  OPAL,  Tests  can  also  be  prepared  manually 
with  NOPAL. 

The  interface  between  the  top  and  the  bottom  parts  is 
provided  by  a number  of  test  specifications  written  in  the 
NOPAL  language.  Unlike  OPAL,  NOPAL  is  not  a programming 
language  (A  summary  of  the  NOPAL  language  is  given  in 
Section  3.3).  It  is  a method  for  describing  individual 
tests  and  diagnoses.  It  is  nonprocedural  in  the  sense  that 
it  does  not  have  facilities  for  controlling  the  execution 
sequence  of  the  tests.  The  concept  of  NOPAL  is  central  to 
the  methodology  that  has  been  developed,  and  therefore  the 
entire  system  is  referred  to  as  the  NOPAL  system.  Test 
specifications  in  NOPAL  consist  of  test  modules.  Each  test 
module  is  independent  of  other  test  modules.  A test  module 
describes  a single  test  which  has  the  objective  of 
diagnosing  some  failure  modes. 

The  most  Important  properties  of  these  test 
specifications  are  nonproceduralness,  incrementality , and 
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modularity.  Nonproceduralness  means  that  these  tests  may  be 
executed  in  any  sequence.  The  fault  isolation  logic  is 
independent  of  the  execution  sequence.  Incrementality  means 
test  specifications  may  be  added  or  deleted  without  changing 
previously  existing  test  modules.  Modularity  refers  to  the 
fact  that  each  test  specification  is  self  contained. 

When  the  top  part  of  NOPAL  is  used  independently  of  the 
bottom  part,  it  is  abbreviated  FITS  (Functional  and  Fault 
Isolation  Test  Specification).  This  report  is  concerned 
only  with  the  top  part  of  NOPAL,  The  bottom  part  is 
described  elsewhere  ( 57,58,59  ]. 

In  the  top  part  of  NOPAL,  test  design  is  accomplished 
partly  manually  and  partly  automatically.  Circuit 
description,  test  objectives  indicating  the  desired  level  of 
fault  diagnosis  and  isolation,  and  possible  failures  of  the 
UUT  need  to  be  determined  and  prepared  manually  as  input  to 
the  FITS  system.  However,  majority  of  the  inputs  are 
assigned  default  values  using  only  the  circuit  description 
of  the  UUT  and  "common"  failures  of  the  basic  circuit 
components.  Thus,  the  user  has  to  indicate  only  the 
additional  failures  and  the  desired  fault  isolation  level  if 
they  differ  from  the  standard  (system  default)  assignments, 
A test  design  has  two  significant  stages.  First,  the 
response  of  the  UUT  with  failure  to  stimuli  is  simulated 
using  a computer  aided  network  analysis  (CANA)  program  to 
generate  a data  base  containing  symptoms  of  failures.  Then 

in  the  second  stage,  similar  failure  symptoms  are  combined 
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together  to  obtain  test  limits  and  diagnosis  information. 
From  these  results,  a collection  of  test  specifications  and 
associated  diagnoses  are  generated.  If  these  test 
specifications  and  diagnoses  cannot  satisfy  the  test 
objectives,  changes  in  the  circuit  design  should  be  made  and 
a new  test  design  should  be  initiated. 

The  top  part  of  NOPAL  provides  detailed  reports 
documenting  the  failures  under  consideration,  the  fault 
isolation  level  and  the  test  specifications  generated  by  the 
system  to  meet  the  test  objectives. 

The  bottom  part  of  NOPAL  functions  as  an  automatic 
program  generator.  The  inputs  are  test  specifications 
written  in  NOPAL,  The  execution  sequence  of  tests  is 
determined  automatically  for  maximum  efficiency  as 
summarized  below.  The  output  is  a complete  ATE  test  program 
in  the  procedural  language  OPAL. 

The  first  component  of  the  bottom  part  performs 
syntactical  analysis  of  the  test  specifications. 
Syntactical  errors  and  documentation  consisting  of  a 
specification  listing  and  cross  reference  reports  formatted 
for  easy  readability  are  produced.  The  second  component 
incorporates  an  engineering  knowledge-base  needed  to 
optimize  the  execution  sequence  of  the  test  modules.  In  the 
course  of  the  analysis,  the  system  produces  various 
additional  reports  including  errors  and  warnings  of  detected 
inconsistencies,  fault  isolation  summary,  and  precedence 
analysis  showing  the  test  execution  sequence.  When  the 


m 


input  to  the  bottom  part  is  prepared  automatically  by  the 
top  part^  no  syntactical  or  logic  errors  are  expected.  The 
last  component  of  the  bottom  part  generates  a test  program 
in  OPAL  which  is  acceptable  to  ATE.  The  program  is  compiled 
by  an  OPAL  compiler,  and  then  it  is  ready  to  test  UUTs 
repeatedly. 

The  six  sequencing  strategies  in  the  bottom  part  are 
summarized  here  for  completeness.  (1)  Data  determinancy 
incorporates  the  principle  that  data  must  be  generated 
before  it  can  be  used.  The  generation  of  data  by  a 
predecessor  test  module  is  recognized  by  the  declaration  of 
a target  variable . A successor  test  module  must  then  have 
the  same  variable  declared  as  a source  var ible.  (2) 
Interactiveness  is  dictated  by  the  need  to  exchange  messages 
interactively  with  the  ATE  operator.  (3)  Component 
protection  is  based  on  the  concept  that  non-destructive 
testing  can  be  achieved  if  a critical  component  is  tested 
before  other  components  which  depend  on  it  for  their  normal 
operation,  (4)  Fault  isolation  strategy  schedules  testing 
in  a top-down  fashion  using  component  subset  relationships. 
The  more  general  fault  isolation  tests  are  executed  first. 
Then  follow  the  lower  level,  more  specific  tests,  on  the 
condition  that  a failure  is  detected  on  the  top  level.  (5) 
Stimulus  application  is  concerned  with  the  efficient 
application  of  stimuli.  It  is  based  on  the  assumption  that 
the  application  of  stimuli  is  the  most  time  consuming 


process;  and  hence,  it  is  preferable  to  conduct  all  the 
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possible  tests,  once  a stimulus  is  applied.  (6)  Failure 
likelihood  uses  the  idea  that  efficiency  is  obtained  by 
first  testing  the  components  which  are  more  likely  to  fail. 
Using  these  strategies,  the  execution  sequence  of  tests  are 
optimized.  The  reader  can  find  the  complete  description  of 
the  bottom  part  of  NOPAL  in  another  report  [ 59  ] . 

The  third  and  last  phase  in  test  program  generation 
relates  to  the  verification  of  the  test  program  design. 
Before  any  test  program  can  be  ubed  with  confidence,  its 
quality  level  in  actual  operation  needs  to  be  determined. 
This  is  done  by  checking  the  program  performance  with 
representative  OUTs  having  no  failures  and  with  UUTs  having 
known  failures  to  exercise  all  parts  of  the  test  program. 
Failure  diagnosis  and  isolation  statistics  derived  from  a 
sufficient  number  of  trials  are  used  to  evaluate  the  test 
design.  Its  quality  level  is  determined  by  comparing  the 
performance  to  the  acceptable  quality  level  (AQL) 
specifications.  The  sampling  plan  to  be  used  in  this  phase 
may  be  dictated  as  a part  of  the  test  design  requirements,  or 
one  of  the  well  established  standard  procedures  outlined  in 
MIL-STD-105  [ 60  ] may  be  employed. 

Only  after  the  test  program  has  exhibited  acceptable 
performance  can  it  be  used  to  check  out  the  UUTs  coming  from 
production  lines  or  for  repair  and  maintenance  purposes. 
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3.3  The  NOPAL  Language 


The  overall  structure  of  the  NOPAL  language  is 
summarized  in  Figure  3.3  using  extended  BNF  notation.  The 
complete  description  can  be  found  in  the  NOPAL  user's  guide 
t 58  ] . As  shown  in  the  top  line,  a specification  in  NOPAL 
has  three  parts:  test,  OUT,  and  ATE.  The  latter  two  are 
intended  to  provide  OUT  and  ATE  independence,  in  the  sense 
that  changes  that  occur  in  a OUT  or  an  ATE  can  be  reflected 
only  in  these  parts  of  the  specification,  and  other  parts  may 
remain  unaltered. 

The  concept  of  test  module , as  an  independent  integral 
entity  with  the  corresponding  diagnoses  which  identify 
failures,  is  central  to  the  NOPAL  system.  Each  test  module 
is  independent  of  other  test  modules.  Individual  test 
modules  can  be  modified,  deleted,  or  added  without  affecting 
other  test  modules.  A test  module  describes  a single  test 
which  has  the  objective  of  diagnosing  some  failure  modes. 

A test  module  consists  of  four  parts:  stimuli , 
measurements , logic,  and  diagnoses.  Stimuli  and 
measurements  consist  of  two  types  of  expressions  named 
conjunction  and  assertion.  A conjunction  is  a list  of 
waveforms  associated  with  stimuli  or  measurement  devices  and 
respective  test  points  of  the  OUT  where  they  are  applied. 
Assertions  are  expressions  composed  of  variable  names  and 
logical  and  arithmetic  operators.  The  assertions  are  used 
for  two  purposes.  The  primary  use  is  for  stating  the  ranaes 

of  measurements  which  determine  the  passing  or  failing  of  a 
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test.  The  other  use  is  to  evaluate  dynamically,  at  the  test 
time,  the  parameters  of  respective  stimulus  or  measurement 
devices. 

The  logic  part  determines  the  selection  of  diagnoses 
based  on  the  outcome  of  one  or  more  tests.  Finally,  the 
diagnosis  part  identifies  the  failures  and  the  messages 
which  communicate  the  results  of  testing  to  the  operator  of 
an  ATE. 


<NOPAL  SPECIFICATION)  : 


<TEST  SPECIFICATION) 
<UUT  SPECIFICATION) 
<ATE  SPECIFICATION) 


<TEST  SPECIFICATION) 
<TBST  MODULE)  :t- 

<STIMULI)  Jt- 

<MCASOREMENT)  it- 

<CONJUNCTION)  :i- 

<LOGIC)  it* 

<DIAGNOSIS) 


it-  <TEST  MODULE)  t<TEST  MODULE)]* 

KSTIMULDJ  (<MEASUREMENT)1 
(<LOGIC)J*  [<DIAGNOSIS)] * 

t<CON JUNCTION)]  [<ASSERTION)] * 

[<CON JUNCTION)]  [<ASSERTION)] * 

<TEST  POINTS)  <RELATION)  <WAVEFORM) 
(<TEST  POINTS)  <RELATION)  <WAVEFORM)]* 

<OPERATOR)  <DIAGNOSIS  ID) 

<DIAGNOSIS  ID)  <MESSAGE) 
f<FAILURE  IDS)] 

(<OTHER  DATA)]  (<TIMING)] 

[<OPERATOR  RESPONSE)] 


KEY:  ( 

( 


] OPTIONAL  I ' 

]*  MAY  REPEAT  ZERO  OR  MORE  TIMES  I i 

I i 


/ 

rUlIRi;  3.3  Top  I,cvol  Stnicturo  of  NOPM,  I,;mguaj’e  in  liBNi’  ' 


i 


34 


t 


I 

I 


3.4  Development  History 

The  research  and  develooment  reported  in  this  work  has 
been  conducted  by  the  Automatic  Program  Generation  Project 
at  the  Department  of  Computer  and  Information  Science,  Moore 
School  of  Electrical  Engineering,  University  of 
Pennsylvania.  This  phase  of  the  research  was  started  in 
late  January  1976  and  was  completed  (Version  1.0)  in  March 
1977. 

PITS  - the  top  part  of  NOPAL,  is  written  entirely  in 
standard  FORTRAN  and  runs  on  UNIVAC  90  and  IBM  370 
computers.  The  bottom  part  of  NOPAL,  the  Automatic  Test 
Program  Generation  System,  has  been  implemented  in  PL/I. 
Both  systems  were  developed  as  parts  of  doctoral  research. 
The  test  programs  generated  by  the  NOPAL  system  are  Intended 
to  operate  commercially  available  automatic  test  equipment 
such  as  General  Dynamic's  SCATE-MARK  VI  [ 61  ] and 
Hewlett-Packard's  HP9500  [ 62  ] . 

The  FITS  system  has  been  tested  with  several  examples. 
One  example  consisted  of  a power  supply  control  circuit  made 
of  10  semiconductors  and  15  other  components  with  a total  of 
60  failures.  It  took  about  90  minutes  of  IBM  S/360  Mod  65 
time  (CPU  and  Channel)  to  generate  satisfactory  test 
specifications. 


3.5  Advantages  and  Disadvantages  of  FITS  Methodology 


Some  advantages  and  disadvantages  of  the  methodology  are 

discussed  in  this  section. 

3.5.1  Advantages 

Advantages  of  the  methodology  developed  for  test  design 

in  this  work  are  listed  below: 

1.  Designing  tests  with  the  FITS  system  does  not  require 
specially  skilled  test  engineers.  In  most  cases  a 
circuit  description  of  the  OUT  may  already  be  available 
in  a CANA  language  if  the  circuit  design  engineer  has 
used  computer  simulation  to  check  the  design. 

2.  Tests  designed  by  test  engineers  generally  utilize 
special  interfaces  and  external  load  to  the  UUT.  On  the 
other  handr  the  tests  specified  by  the  FITS  system  do 
not  use  special  interfaces  unless  they  are  necessitated 
as  requirements  of  user  defined  test  strategies. 

3.  Likelyhood  of  human  test  design  error  is  reduced. 

4.  PITS  aids  the  test  designer  in  selecting  more  effective 
test  terminals. 

5.  Ambiguity  in  fault  isolation  and  failure  modes  which 
cannot  be  diagnosed  are  known  at  any  time  during  the 
test  design  process. 

6.  Tests  generated  by  the  FITS  system  are  modular, 
incremental  and  nonprocedural.  Modularity  means  that 
each  test  is  independent  of  others  and  defines  a 


complete  test  process  by  itself.  Incrementality  means 
that  new  tests  may  be  added  to  or  deleted  from  the  set 
of  tests  specified.  The  net  result  of  of  this  operation 
is  only  an  increase  or  decrease  in  the  level  of  fault 
isolation.  Nonproceduralness  means  that  tests  may  be 
executed  in  any  sequence  with  no  effect  on  the  fault 
isolation  logic. 

7.  Although  the  system  was  initially  developed  to  isolate 
single  catastrophic  failures  of  individual  network 
components,  other  failure  modes  such  as  out-of-tolerance 
(degraded)  components  or  multiple  and  cascaded  failures 
may  be  defined  and  isolated  by  the  PITS  system. 

8.  Component  tolerance,  stimulus  and  measurement  device 
inaccuracies  are  taken  into  consideration. 

9.  Since  the  test  specifications  are  generated 
automatically,  there  are  no  syntax  and  logic  errors  in 
the  NOPAL  test  specifications  produced. 

10.  All  numerical  analyses  are  performed  before  the  tests 
are  generated;  therefore,  no  time  consuming  computation 
has  to  be  done  during  actual  testing.  This  implies  that 
the  test  design  is  suitable  to  be  employed  in  a 
production  environment. 

11.  Environmental  conditions  such  as  ambient  temperature, 
radiation  effects,  and  thermal  noise  effects  may  be 
included  in  the  simulation. 

12.  Some  of  the  failure  modes  which  are  unknown  to  the  FITS 

system  can  be  detected. 
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When  this 


situation  is 


encountered  an  appropriate  message  is  produced 


3.5.2  Disadvantages 

The  disadvantages  of  the  FITS  system  are; 

1.  It  requires  accurate  modelling  of  the  semiconductor 

devices. 

2.  A large  number  of  computer  simulations  are  needed. 

3.  All  of  the  UUT  failure  modes  must  be  known  and  defined 

before  test  design.  This  is,  however,  a drawback  of  all 

failure  isolation  methods  reported  in  the  literature 
(63  1 . 

4.  In  an  actual  testing  environment,  the  UUT  may  have 

failure  modes  which  are  not  previously  declared  to  the 
FITS  system.  In  this  case,  there  are  two  possible 
outcomes;  (1)  The  logic  in  the  test  specifications  will 
recognize  the  unknown  failure  mode  as  known  and  classify 
it  into  one  of  the  failure  classes,  or  (2)  the 

specifications  will  not  be  able  to  classify  it  as 
belonging  to  one  of  the  known  failure  classes  and  will 
give  a message  indicating  this.  It  is  impossible  to 
predict  which  of  the  two  outcomes  will  take  place  before 
the  undefined  failure  is  analyzed. 
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3.6  Computer  System  Requirements 


The  FITS  system  was  developed  on  a UNIVAC  90/70  and 
trial  runs  were  made  on  an  IBM  S/360  Mod  65.  Both  of  these 
computers  are  medium  size  computer  systems.  All  programs 
are  written  in  ANSI  FORTRAN.  In  total,  they  are  about  15000 
statements  long. 

Most  of  the  programs  in  FITS  require  less  than  lOOKbytes 
of  memory.  The  NAP2  circuit  analysis  program  requires  about 
lOOKbytes  of  memory.  Actually  the  program  is  longer  than 
this,  but  an  efficient  overlay  structure  makes  it  possible 
to  run  within  lOOKbytes.  NAP2  is  being  modified  to  run  on 
General  Automation  GA18/30  and  DEC  PDPll  minicomputers  in 
less  than  32Kbytes  of  memory  ( 64  ) . FITS  was  developed 
with  the  realization  of  this  fact,  so  that  it  can  be 
converted  to  run  on  minicomputer  systems  as  well. 

The  FITS  system  creates  about  10  small  internal  files 
which  are  stored  as  sequential  disk  files.  The  output  of 
simulation  may  sometimes  be  very  large.  Hence  it  is 
recommended  that  NAP2  output  be  saved  on  a computer  tape, 
and  made  a permanent  file  for  later  reference. 
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CHAPTER  4 

OVERVIEW  OF  THE  FITS  SYSTEM 

In  this  chapter » a user  view  of  the  FITS  system  is 
presented  in  terms  of  the  inputs  required,  the  processes 
that  take  place  and  the  outputs  produced  to  document  the 
test  design.  The  failure  symptom  generation  methodology  is 
based  on  simulating  the  UUT  response  to  stimuli  and 
measurements  derived  from  three  test  strategies.  The  fault 
isolation  methodology  is  based  on  finding  regions  of  normal 
operation  and  regions  of  malfunction  of  the  UUT. 

The  complete  design  process  is  divided  into  five  major 
phases  as  illustrated  in  the  central  column  of  Figure  4,1. 
They  are  : (1)  system  initialization,  (2)  failure  simulation 
and  symptom  table  generation,  (3)  decision  limit 
determination  and  ambiguity  analysis,  (4)  optimization  of 
the  test  specifications,  and  (5)  NOPAL  test  specifications 
generation. 

The  inputs  to  the  FITS  system  are  described  in  Section 
4,1.  As  shown  on  the  left  side  of  of  the  flowchart  of  FITS 
(Figure  4.1),  there  are  sIa  inputs  to  the  system.  They  are: 
(1)  circuit  description  of  the  UUT,  (2)  externally 
accessible  test  terminals,  (3)  definition  of  failures 
particular  to  the  UUT,  (4)  test  objectives  in  terms  of  the 
desired  level  of  failure  isolation,  (5)  measurement  accuracy 
in  terms  of  scale  accuracy  and  number  of  significant  digits, 
and  (6)  initial  conditions  of  the  UUT.  Of  the  six  incuts, 
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only  the  first  one  is  necessary.  The  remaininq  five  can  be 
automatically  qenerated  either  from  the  circuit  description 
or  from  other  "common  practice"  enqineering  knowledqe.  The 
user  can  easily  modify  these  system  qena.ated  (default) 
assiqnments  by  insertinq  the  desired  chanqes,  additions,  or 
deletions  to  the  proper  computer  files. 

The  outputs  produced  by  the  FITS  system  are  described 
after  the  process  which  qenerate  them.  The  six  siqnificant 
outputs  of  FITS  are  shown  on  the  riqht  side  of  Figure  4,1. 
They  contain  the  following  information;  (1)  failure 
dictionary  contains  the  definitions  of  the  failures,  (2) 
candidate  tests  libraries  contain  the  tests  to  be  tried,  (3) 
failure  symptom  table  contains  characteristic  responses  of 
the  UUT  at  the  test  terminals,  (4)  decision  limits  and 
decoder  tables  show  the  measurement  ranges  used  to  identify 
the  failures  and  how  to  get  diagnostic  information  out  of 
them,  (5)  ambiguity  report  shows  how  the  failures  are 
isolated  into  groups  using  the  test  limits  specified  in  the 
fourth  output,  and  (6)  NOPAL  specification  of  tests 
communicate  the  tests  to  be  performed  to  the  bottom  part  of 


NOPAL 


IMHJT 


PROCESS 


OOTPOT 


I’igure  4.1  Top  Kovel  riowoliart  of  FITS 


4,1  System  Initialization 


The  system  initialization  process  relates  to  the 
preparation  of  data  and  input  to  the  other  parts  of  the  FITS 
system.  It  has  three  subprocesses:  (1)  input 

initialization,  (2)  generation  of  failure  dictionary  and  (3) 
generation  of  candidate  tests.  Each  one  of  these 
subprocesses  are  described  with  the  inputs  they  take  and  the 
outputs  they  produce. 

4.1.1  Inputs  Required  of  the  User 

The  six  input  sections  required  of  the  user  are  described 
in  Sections  4. 1.1.1  through  4. 1.1. 5.  The  first  input  is 
required,  and  the  remaining  five  are  optional.  The  FITS 
system  assigns  default  value's  to  any  input  (except  circuit 
description)  when  it  is  not  :jpecified. 

4. 1.1.1  Circuit  Description 

The  behavior  of  the  UUT  needs  to  be  simulated  under 
nominal  and  malfunctioning  conditions  before  test 
specifications  can  be  determined.  For  this  purpose  an 
accurate  circuit  description  of  the  UUT  must  be  supplied 
to  the  computer  aided  network  analysis  (CANA)  program  within 
the  FITS  system. 

The  first  step  taken  in  this  process  is  to  prepare 

sufficiently  accurate  models  of  the  components  used  in  the 

circuit  diagram.  The  equivalent  model  of  the  circuit 

diagram  may  consist  of  resistors,  capacitors,  inductors, 

43 


'T 


mutual  inductances,  voltage  and  current  sources,  bipolar  and 
FET  devices.  Accurate  modelling  of  the  last  two  components 
may  be  an  involved  task.  However,  in  the  case  of  popular 
device  types,  a number  of  published  models  are  available 
[ 65,66  1.  For  example,  a library  containing  the  most 
popular  types  of  transistors  and  diodes  may  be  found  in  a 
model  library  on  the  EXTENDED  SCEPTRE  program  ( 66 ] tape. 
Complex  devices  are  modelled  by  simpler  equivalent  circuits. 
The  behavior  of  an  equivalent  circuit  element  may  be  defined 
by  a numerical  constant,  table,  or  mathematical  expression. 
Component  tolerances  need  to  be  specified  by  stating  the 
maximum  expected  deviation  from  the  nominal  value.  After  an 
equivalent  circuit  has  been  prepared,  each  circuit  node  is 
given  an  arbitrary  name.  A circuit  node  is  defined  as  the 
point  of  common  potential  at  the  junction  formed  by 
interconnection  of  two  or  more  circuit  elements.  Each 
component  is  assigned  a unique  name.  The  first  letter  of 
the  component  name  identifies  the  component  type  as  well. 
Current  flow  directions  and  source  polarities  are  also 
indicated.  In  the  OUT  circuit  description  no  power  supplies 
and  input  signal  sources  are  specified.  The  connection  of 
power  supplies  and  other  stimuli  including  the  status  of 
mechanical  switches,  potentiometers  and  other  adjustable 
components  are  treated  as  different  initial  conditions  of 
the  OUT.  The  initial  conditions  are  provided  as  a separate 
input.  Details  of  circuit  description  for  circuit  analysis 
can  be  found  in  the  user  manual  (Appendix  A and  NAP2  User's 
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Manual).  The  inputs  to  most  circuit  analysis  programs  have 
similar  syntax.  If  the  user  is  familiar  with  any  CANA 
system,  it  should  be  very  easy  to  write  circuit  descriptions 
in  the  language  of  the  circuit  analysis  program  found  in 
FITS.  Mainly  for  reasons  of  convenience,  the  NAP2  [ 67  1 
circuit  analysis  program  is  used  in  this  implementation. 

In  this  chapter  test  specifications  to  diagnose  and 
isolate  the  catastrophic  failures  in  a control  power  supply 
(CPS)  circuit  are  used  to  provide  examples.  The  schematic 
of  the  CPS  circuit  is  shown  in  Figure  4.2.  This  is  the 
power  supply  control  circuitry  of  the  laser  range  finder 
AN/WS-1.  Details  of  its  operation  can  be  found  in 
MIL-C-14866 (MU)  ( 68  ] . The  NAP2  circuit  description  of  the 
CPS  circuit  is  shown  in  Figure  4.3.  In  this  example, 
simplified  semiconductor  models  are  used  to  make  the 
description  shorter.  The  first  line  provides  identification 
names  to  the  FITS  system.  This  line  indicates  that  the 
following  input  is  the  circuit  description  of  the  unit  under 
test  named  "UUT_CPS".  Its  failure  dictionary  is  called 
"DEFAULT".  The  remainder  of  an  input  line  after  a colon  (:) 
is  interpreted  as  comment  by  HAP2,  Lines  9 through  17  are 
the  simplified  semiconductor  models.  Lines  19-45  are  the 
descriptions  of  the  components  of  the  circuit.  The  first 
component  is  a resistor  called  Rl  which  is  incident  on  the 
circuit  nodes  23  and  7.  Its  nominal  value  is  680  ohms. 
"FAILS"  is  a keyword  recognized  by  the  automatic  dictionary 
generation  program.  It  generates  the  default  catastrophic 


failure  modes  of  this  type  of  component,  namely  open  and 
short.  Lines  47-50  show  the  assiqnment  of  tolerance  to  the 
circuit  components.  For  example,  resistors  R2  and  R1  both 
have  +-1%  tolerance. 

The  user  indicates  which  circuit  components  may  fail  by 
suffixing  the  component  description  in  the  circuit 
description  input  by  the  "FAILS"  command  which  is  optionally 
followed  by  "DEFAULT"  (or  no  entry).  This  means  the 
component  may  have  any  one  of  the  catastrophic  default 
failure  modes  described  in  Table  4.1,  The  names  of 
nonstandard  failures  are  entered  similarly  after  the  "FAILS" 
command.  This  option  allows  the  user  to  define  any 
modification  of  the  nominal  circuit  description  to  be  a 
failure  mode  of  the  UUT.  The  nonstandard  failure 
definitions  must  be  supplied  completely  by  the  user  in  the 
Failure  Definitions  input  section.  The  default  catastrophic 
failure  definitions  are  built  into  the  system  so  that  all 
necessary  instructions  to  NAP2  to  modify  the  nominal  circuit 
description  are  automatically  generated. 


4h 


CR<o 

JA!^IN42a7 


Figure  4.2  UUT-CPS  Circuit  Diagram 


CIRCUIT  DESCRIPTION  UUT  CPS  DEFAULT  (FAILURE  MODES) 

JREFER  To  UUT  CIRCUIT  DIAGRAM  CONTROL  POWER  SUPPLY  #10559261 
tREPORT  NUMBER;  MIL-C-14866 (MU) , 2 MARCH  1970 

lA  UNIT  OF  THE  LASER  RANGE  FINDER  AN/WS-1  PROJECT  NO  1240-A135 
:UUT  TERMINAL  NAMES  <->  CIRCUIT  NODE  NAME 

: (J1  A <->  1),  (J1  B <->  0),  (J1  E <->  5),  (J1  F <->  29), 
t (J1“G  <->  33),  (JT  H <->  26),  (Jl  X <->  32)  ~ 

tSIMPtiFIED  SEMICONDUCTOR  MODELS  - USED  FOR  ILLUSTRATION  ONLY 


Q1132/PNP/ 

AF 

.99 

AR 

.39 

IS 

99E-15 

CE 

80E-12 

CC 

4 5E-12 

01613/NPN/ 

AF 

.99 

AR 

.10 

IS 

9E>15 

CE 

5E-12 

CC 

lOE-12 

01724/NPN/ 

AF 

.98 

AR 

.50 

IS 

9E-15 

CE 

275E-12 

CC 

15E-12 

Q2060/NPN/ 

AF 

.99 

IS 

lE-15 

CE 

85E-12 

CC 

15E-12 

D3070/DIODE/ 

D3600/DIODE/ 

D202A/DIODE/ 

D1202/OIODE/ 

D4247/DIODE/ 


IS  O.lE-15 
IS  lOOE-15 
IS  50E-15 
IS  lOE-15 
IS  lE-15 


CJ  5E-12 
CJ  2.5E-12 
CJ  lE-12 
CJ  lE-12 
CJ  lE-12 


; RESISTORS  & CAPACITOR 


R1 

23 

7 

680  ; FAILS 

R2 

19 

9 

301  : FAILS 

R3 

9 

0 

1470  ; FAILS 

R4 

23 

11 

1000  ; FAILS 

R5 

10 

0 

1000  : FAILS 

R6 

23 

20 

50  : FAILS 

R7 

21 

25 

1000  ; FAILS 

R8 

29 

12 

270  ; FAILS 

R9 

14 

32 

200  ; FAILS 

RIO 

23 

17 

10000  ; FAILS 

Rll 

17 

18 

23  700  : FAILS 

RSW 

18 

0 

0.1  ; OPEN( 

: SHORT 

RLD 

1 

0 

2200  ; FAILS 

Cl 

12 

0 

lOE-6  ; FAILS 

SHORT (R8)  CANNOT  HAPPEN 


tDIODES 


OPEN (Cl)  IS  SAME  AS  NOMINAL 


TDCRl 

7 

26 

D3070  ; 

FAILS 

TDCR2 

7 

19 

D3‘;00  ; 

FAILS 

: 0PEN(TDCR2) 

IS 

SAME 

AS 

TDCR3 

13 

14 

D3b00  : 

FAILS 

: OPEN(TrCR3) 

IS 

SAME 

AS 

TDCR4 

26 

1 

D202A  : 

FAILS 

TDCR5 

32 

1 

D202A  : 

FAILS 

TRANSISTORS 

TOIA  11 

9 

10 

Q2060  : 

FAILS 

TQIB  23 

12 

10 

02060  : 

FAILS 

TQ2 

20 

11 

21 

01613 

TO  3 

32 

21 

25 

01724 

T04 

13 

17 

23 

01132 

iCOMPONENT  TOLERANCES  “ 

•MODIFY  2 0.01  R2  R3 

•MODIFY  3 0.05  R1  R4  R5  R6  R7  R8  RlO  Rll 
•MODIFY  4 0.0467  REV15V.E 
•MODIFY  5 0.0345  REV29V.E 
:END  OF  CIRCUIT  DESCRIPTION 


FAILS  : COLL  OPEN(TQ2)  IS  SAME  AS  OPEN(R6) 
FAILS  : BE  SUORT(TQ3)  IS  SAME  AS  OPEN(R7) 
FAILS  : COUl  0PEN(TQ4)  IS  SAME  AS  OPEN(R9) 


I'igurc  4.3  NAr2  Circuit  Dt'script  ion  of  UUr-CPS 


•18 


1 


I 

1 


TABLH  4,1  ('ATASTRLinilC  I'AIllIRi;  ni-.FINITIONS  IN  FITS 


CIRCOIT  ELEMENT 

•+- 

1 

1 

FAILURE 

FUNCTION 

1 

1 

DEFINITION 

Resistor 

■t"* 

1 

1 

OPEN 

“t" 

1 

1 

Replace  by  a high  valued 
resistor 

1 

1 

SHORT 

•T 

1 

1 

«X« 

Replace  by  a small  valued 
resistor 

Capacitor 

"T 

1 

1 

OPEN 

“T* 

1 

1 

«x« 

Replace  by  a high  valued 
resistor 

1 

1 

SHORT 

T* 

1 

1 

Replace  by  a small  valued 
resistor 

Inductor 

1 

1 

OPEN 

1 

•T* 

1 

1 

Replace  by  a high  valued 
resistor 

1 

1 



SHORT 

“T" 

1 

1 

Replace  by  a small  valued 
resistor 

Diode 

“T—" 

1 

1 

OPEN 

•T" 

1 

1 

~x« 

Replace  by  a high  valued 
resistor 

1 

1 

SHORT 

T 

1 

1 

Replace  by  a small  valued 
resistor 

Bipolar  Junction 
Transistor 

1 

1 

COLL_OPEN 

— T* 

1 

1 

•X« 

Insert  a high  valued  resistor 
series  with  the  collector 

in 

1 

1 

BASB_OPEN 

1 

1 

«x. 

Insert  a high  valued  resistor 
series  with  the  base 

in 

1 

1 

EMIT_OPEN 

1 

1 

• X« 

Insert  a high  valued  resistor 
series  with  the  emitter 

in 

1 

1 

8C_SHORT 

•T 

1 

1 

••X« 

Short  base  collector  with 
small  resistor 

1 

I 

BE_SHORT 

•T* 

1 

1 

-X- 

Short  base  emitter  with  a small 
resistor 

1 

1 

EC_SHORT 

T 

1 

1 

Short  emitter  collector  with 
resistor 

a 
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4.1. 1.2  Available  Test  Terminals 


A test  terminal  is  defined  as  a circuit  node  of  a UUT 
which  is  externally  available  for  attaching  test  devices. 
Not  all  of  the  nodes  of  a UUT  may  be  available  for  stimulus 
and  measurement  device  connections.  The  terminals  which  are 
available  for  test  device  connection  must  be  stated  so.  All 
terminals,  where  the  oower  supplies  are  to  be  connected 
should  be  externally  accessible  since  a UUT  is  expected  to 
contain  no  internal  power  supplies.  The  common  terminal 
(ground)  should  be  declared  as  a test  terminal  as  well. 

When  the  user  does  not  provide  this  input,  all  circuit 
nodes  are  assumed  to  be  externally  available  as  test 
terminals.  The  system  then  selects  and  references  only 
those  test  terminals  which  minimize  the  number  of  test 
setups.  However,  the  user  must  be  cautious  because  this 
approach  will  result  in  a large  number  of  potentially 
applicable  tests  which  in  turn  will  consume  excessive 
computer  time  during  the  simulation  process. 

Figure  4.4  illustrates  the  specification  of  test 
terminals  in  the  CPS  example.  The  first  line  indicates  that 
the  following  input  is  the  description  of  the  test  terminals 
available  on  the  UUT  connector  named  "Jl-PIN",  In  the 
remaining  lines  the  test  terminals  are  described  by  the 
circuit  node  name  followed  by  the  cor respondina  external  UUT 
connector  pin  name.  The  rest  of  an  input  line  contains 
comments  about  the  test  terminal. 


SO 


t 


TEST  TERMINALS  J1  PIN  <CKT  NODEXTEST  TERM>  f <COMMENT> ] 


1 

0 

JT  B 

GROUND” 

1 

1 

J1”A 

Q SWITCH 

25 

J1~E 

+I4V  AOX. 

; 1 

29 

J1“F 

+15V” 

1 

23 

J1“G 

+ 29V 

26 

J1“H 

+28, +24  TANK  BATTERY  SENSE 

i 1 

32 

J1“X 

BTl  RECHARG£j4BtC  BATTERY 

I 


'•  Figure  4.4  lUn’-CPS  Test  Tenninals  Input 
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4. 1.1. 3 Failure  Definitions 


In  general,  a failure  is  recognized  by  three  properties: 
(1)  an  action  or  event,  (2)  a standard  against  which  to 
compare  the  event,  and  (3)  a procedure  to  measure  the  event 
against  the  standard.  A failure  of  a UUT  is  a failure  event 
by  definition.  The  nominal  circuit  behavior  (i.e.,  circuit 
with  no  failures)  is  the  standard  against  which  the  failures 
are  compared  to  determine  their  diagnosability . Since 
failure  is  only  a relative  concept,  any  component  value  may 
be  declared  to  be  the  cause  of  UUT  malfunction.  For 
example,  in  some  applications,  the  change  of  the  value  of  a 
resistor  by  a small  percentage,  say  10%,  may  be  a failure. 
In  other  applications  10%  change  of  component  values  may  be 
acceptable.  Sometimes  failure  definitions  may  involve 
topological  changes  in  the  circuit  description,  A typical 
case  is  the  failure  of  capacitors  in  oower  supply  circuits. 
These  capacitors  generally  fail  by  the  puncture  of  the 
isolation  layers  (shorting).  The  equivalent  circuit 
component  is  a small  value  resistance  replacing  the 
capacitor . 

A failure  mode  of  a UUT  is  defined  as  the  state  a UUT 
is  in  when  one  or  more  of  its  components  fail  in  a 
predetermined  fashion.  A failure  definition  of  a comoonent 
is  the  circuit  description  of  the  equivalent  circuit 
component  or  components  capable  of  representing  the  behavior 
of  the  failed  component.  A failure  mode  may  be  identified 

descriptively  such  as  "SHORT(Rl)".  It  may  also  be 
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identified  by  the  sequence  number  assigned  to  it  in  the 
failure  dictionary.  The  failure  dictionary  is  a table  which 
lists  the  failure  modes  of  the  UUT  by  sequence  number » 
descriptive  namer  and  by  the  definition  of  the  failure  in 
terms  of  equivalent  circuit  components.  Table  4.2 
summarizes  the  options  available  in  the  failure  dictionary 
entries.  The  organization  of  this  table  is  described  in 
more  detail  in  Section  4.1.4,  and  in  Appendix  A. 

To  provide  consistency  between  the  circuit  descriptions 
language  and  failure  definition,  the  failures  of  the  UUT  are 
communicated  to  the  FITS  system  as  changes  to  the  nominal 
circuit  description.  Hence,  a failure  mode  of  a UUT  may  be 
viewed  as  another  circuit  description. 

It  is  observed  that  in  the  majority  of  cases,  the 
failures  of  analog  circuits  tend  to  be  catastrophic  (open  or 
short)  [69,70,71,72  ].  In  digital  circuits  similar  behavior 

is  observed.  To  ease  the  task  of  failure  dictionary 
preparation,  a collection  of  catastrophic  failure 
definitions  are  provided  by  the  FITS  system  (see  Table  4.1). 
The  user  has  to  declare  only  those  failures  which  differ 
from  the  default  assignments. 

After  the  name  of  a nonstandard  failure  of  a circuit 

component  is  declared  in  the  circuit  description  input,  the 

description  of  the  failure  in  NAP2  statements  is  entered  in 

this  section  of  input.  In  the  CPS  example,  all  failure 

modes  were  assumed  to  be  default  failures.  Therefore,  no 

illustration  of  this  section  is  given  here.  Examples  to 
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nonstandard  failure  definitions  can  be  found  in  the  user's 
guide  in  Appendix  A. 

TABLE  4.2  OPTIONS  IN  THE  FAILURE  DICTIONARY 


NAME 

DATA  TYPE 

OPTIONS 

DESCRIPTION 

ID. 

4 digit 
integer 

not 

applicable 

Failure  mode  sequence 
number 

L 

COMPONENT 

NAME 

1 

string  of  12 
characters 

see  own 
table 

Name  of  the  component 
as  it  appears  in  the 
circuit  description 

L 

PAILORC 

FUNCTION 

String 

— 

see  own 
table 

Name  of  the  failure 
function  of  the 
failure  of  the 
compomnt 

NODES 

2 or  3 two 
digit 
numbers 

L ^ J 

see  own 
table 

Identifies  t;-'-' 
incidence  of 
component  on  x...e 
circuit  nodes 

CHANGE 

String 

see  own 
table 

Describes  the  change 
in  the  nominal  circuit 
due  to  the  failure 

TYPE 

string 

see  own 
table 

For  simple  failures 
identifies  the  new 
component  type. 
Otherwise  describes 
where  the  definition 
is  to  be  found. 

L 

PARAMETER 

string  or 
number 

see  own 
table 

Value  of  the  new 
component  or 
subcircuit  library 
member  name 

L 

VALUE 

r ' - ■ • ^ ■ -I 

string  or 
numoer 

L J 

not 

applicable 

Value  of  the  comoonent 
in  the  nominal  circuit 

ALIAS 

String 

str ing 

Alternate  failure 
function  name.  This 
name  is  passed  to  the 
bottom  part. 

INDEX 

2 digit 
integer 

L J 

2 digit 
integer 

Failure  rate  index  is 
not  currently 
supported  by  FITS.  If 
supplied,  it  is  passed 
on  to  the  bottom  part. 

I 


I 

i 

I 

j 4. 1.1. 4 Fault  Isolation  Objectives  (Desired  Ambiguity  Level) 

I There  are  cases  when  a g^er  is  not  interested  in 

t 

isolating  each  failure  of  the  UUT  uniquely#  but  is  willing 
to  have  them  isolated  in  small  groups#  mainly  for  reasons  of 
economy  in  test  program  generation  time  and  actual  testing 
time.  Unless  otherwise  requested  the  FITS  system  attempts 
to  diagnose  better  than  85%  of  the  failures  declared  in  the 

t 

failure  dictionary.  It  uses  the  same  tests  for  fault 
isolation.  However,  the  user  may  modify  this  requirement  by 
specifying  the  following  statements: 
m % DIAGNOSIS, 

p % OF  FAILURES  IN  1 -AMBIGUOUS  CLASSES# 

• • • 

p^%  OF  FAILURES  IN  K -AMBIGUOUS  CLASSES# 

Diagnosis  percentage  (m  % diagnosis)  means  that  of  all 
the  failures  in  the  failure  dictionary,  it  is  sufficient  to 
have  only  m%  detected  as  reasons  of  failure  of  the  UUT. 

This  specification  alone  gives  no  restriction  on  fault 
isolation.  Separate  statements  convey  this  information. 

Fault  isolation  percentage  (p^  % isolation)  is  stated  in 
terms  of  cumulative  percentage.  Therefore; 
p^  <p^  ...  p^  and  ’^n' 

where  p^  is  the  cumulative  percentage  of  failure  modes  which 
are  isolated  -ambiguously  or  better,  k-ambiguity  is  the 
inability  to  distinguish  between  k failure  modes. 
k-amblquous  class  of  failures  is  a set  of  k failure  modes 
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which  cannot  be  distinguished  from  one  another  with  the 
given  tests.  A k-ambiguous  class  is  also  called  an 
equivalence  class  or  equivalent  class  of  failures. 

The  concept  of  cumulative  fault  isolation  percentage  can 
be  graphically  represented  as  shown  in  Figure  4.5.  In  this 
graph,  the  horizontal  axis  is  labelled  by  k-ambiguity.  The 
vertical  axis  shows  the  cumulative  fault  isolation 
percentage.  The  curve  obtained  by  connecting  the  points  of 
cumulative  percentage  versus  k-ambiguity  is  called  a fault 
isolation  curve.  In  order  to  satisfy  the  given  fault 
isolation  requirement,  the  FITS  system  has  to  find  tests 
whose  results  yield  a fault  isolation  curve  which  either 
matches  or  exceeds  the  requested  level. 

Figure  4.6  shows  the  objectives  specified  for  the  CPS 
example.  The  first  line  indicates  that  the  following  input 
specifies  the  test  objectives  called  "STANDARD*.  It 
requests  that  the  tests  designed  should  be  capable  of 
diagnosing  80%  of  all  of  the  possible  failures.  25%  of  the 
failures  should  be  uniquely  identifiable.  Also,  50%  should 
be  2 or  less  ambiguous,  60%  should  be  5 or  less  ambiguous, 
and  80%  should  be  10  or  less  ambiguous. 
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46  151 


OBJECTIVES 

STANDARD  <PERCENT> 

<AMBIGUITY>  <COMKENT> 

80.00 

% DIAGNOSIS 

25.00 

1 

25%  UNIQUELY 

50.00 

2 

sot  IN  CLASSES 

OF 

2 OR 

LESS 

60.00 

5 

60%  IN  CLASSES 

OF 

5 OR 

LESS 

80.00 

10 

80%  IN  CLASSES 

OF 

10  OR  LESS 

Figure  4.6  UUT-CPS  Objectives  Input 

4. 1.1. 5 Measurement  Accuracy 

All  measurement  devices  have  limited  accuracy  associated 
with  the  measurements  they  make.  It  is  assumed  that  when  a 
test  is  to  be  performed,  the  test  equipment  is  properly 
calibrated  and  makes  negligible  calibration  error.  All 
errors  are  assumed  to  be  due  to  noise  and  component 
tolerances  which  have  a known  range  of  contribution  to  the 
individual  measurements.  The  options  in  specifying 

measurement  and  test  design  accuracy  are  described  in  Table 
4.3.  Three  types  of  accuracy  may  be  soecified:  (1)  zero 
discrimination,  (2)  percent  accuracy  of  the  actual 
measurement,  and  (3)  the  number  of  significant  digits  in  the 
measured  quantity.  FITS  assumes  0.1%  measurement  accuracy, 
and  4 significant  digits  in  the  meter  readings. 

Some  measurement  devices  cannot  take  accurate 
measurements  near  zero;  that  is,  there  is  a threshold  level 
below  which  measurements  are  meaningless.  This  limit  is 
specified  as  zero-discrimination,  FITS,  then,  does  not  use 

S8 
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the  responses  of  the  UUT  between  plus  and  tr.inus  values  of 
the  discrimination  range.  The  default  value  for  all 
measurements  is  l,0E-6. 

Figure  4.7  shows  the  accuracy  specification  for  the  CPS 
example.  The  first  line  indicates  that  the  following  input 
is  the  accuracy  specification  called  "VERY-LOW".  The  second 
line  indicates  that  the  measurements  whose  absolute  values 
are  less  than  l.OE-3  should  not  be  used  in  fault  isolation. 

The  third  line  indicates  that  the  measurements  obtained  by 
the  measurement  devices  are  inaccurate  by  +-0.1%  of  the 
actual  measurement.  The  fourth  line  indicates  that  the 
measurements  are  accurate  to  only  3 significant  digits. 

The  remaining  lines  are  program  control  parameters.  It 
is  expected  that  in  most  applications  the  default  values 
will  be  satisfactory.  These  parameters  are  explained  in 
Table  4.3.  Their  effect  may  be  easier  to  understand  after 
reading  Section  4.3.  The  first  option  (SORT)  controls  the 
sorting  strategy  for  the  assertions  created.  The  second 
option  (OPTIMIZE)  allows  the  user  to  skip  the  test  length 
minimization  process.  Finally,  the  third  option  (MISSING) 
allows  the  user  to  equivalence  the  failures  missing  from  the 
circuit  simulation  to  a failure  which  has  already  been 
simulated. 


-UUWIfll, 


TABLE  4.3  OPTIONS  IN  ACCURACY  SPECIFICATIONS 


OPTION  NAME  I TYPE  | DEFAULT  I VALUE  I 


ZERO 

DISCRIMINATION 


Fit. 

No. 


lE-6 


MEASUREMENT 

INACCURACY 


Fit. 

No. 


0.1% 


SIGNIFICANT 

DIGITS 


Int. 


SORT 


Int. 


OPTIMIZE 


Int. 


MISSING 


Int. 


<n> 


PURPOSE 


Measurement  whose 
absolute  value  is  less 
than  this  value  is  not 
included  in  creating 
assertions 


Percent  inaccuracy  in 
measurements 


Number  of  significant 
digits  in  the 
measurements 


List  the  assertions  and 
tests  in  the  order  they 
are  created 


Sort  the  assertions 
within  the  tests  only 
according  to  increasing 
sensitivity 


First  sort  the 
assertions  within  the 
tests  and  then  sort  the 
tests  among  themselves 


Leave  the  assertions  in 
the  order  they  were 
created  but  sort  the 
tests  among  themselves 


Sort  the  assertions 
regardless  of  the  tests 


Include  all  tests  (or 
assertions)  to  select 
diagnoses 


Minimize  the  number  of 
tests  (or  assertions)  to 
select  diagnoses 


Put  the  missing  failure 
symptoms  in  the  same 
region  as  Failure  <n> 
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4. 1,1. 6 Initial  Conditions 


As  briefly  mentioned  earlier  the  status  of  mechanical 


switches,  potentiometers,  and  power  supplies  define 


different  initial  conditions  for  a UUT.  Initial  conditions 


specification  serves  two  purposes.  (1)  It  allows  the  user 


to  declare  the  power  supplies  to  be  used  in  the  DC-strategy 


testing  (see  Section  4.1.5).  Using  this  input,  PITS 


automatically  generates  the  NOPAL  and  NAP2  statements  to  try 


the  DC-strategy  tests.  (2)  A modified  version  of  the 


initial  conditions  specification  allows  the  user  to  define 


tests  and  initial  conditions  if  the  FITS  generated  standard 


tests  are  not  sufficient.  The  user,  in  this  case,  has  to 


provide  the  NOPAL  and  NAP2  statements  which  describe  the 


test  and  the  type  of  analysis.  This  is  a very  powerful 


option  which  allows  the  user  to  try  different  tests  and 


utilize  the  results  after  the  fault  detection  and  isolation 


methodology  of  FITS. 


The  details  of  how  to  write  the  initial  conditions 


can  be  found  in  Appendix  A.  Here  only  an  example  is 


presented.  Figure  4,8  shows  the  initial  conditions  used  in 


the  CPS  example.  The  first  line  indicates  that  the 


following  input  belongs  to  the  initial  conditions  named 


’NORMAL".  The  first  initial  condition  describes  a user 


defined  test  enclosed  between  the  BEGIN  and  END  statements. 


The  lines  which  start  with  a colon  in  the  first  column  are 


NOPAL  statements.  All  other  lines  are  interpreted  as  NAP2 
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ACCORACY  VERY-LOW 


l.OB-3  ZERO  DISCRIMINATION 

0,1  MEASUREMENT  INACCURACY  (PERCENT) 

3 NUMBER  OF  SIGNIFICANT  DIGITS 

0 -SORT  LIST  ASSERTIONS  AND  TESTS  AS  CREATED 

1 -OPT  OPTIMIZE  ASSERTIONS  PER  DIAGNOSIS 

1 -MISSING  FAILURES (IF  ANY)  SHOULD  NOT  BE  DIAGNOSABLE 


Figure  4.7  1)IJT-CPS  Accuracy  Input 


INITIAL-CONDITIONS  NORMAL 

BEGIN  DEFINE  IMPLIED  CROSS  IMPEDENCE  TEST 
: STIMULUS  ; 

t CONJUNCTION  ; 

; ( < J1  E , J1  G > AMP  - 

: " JSUPPEY  ( l.OE-6  AMP  , l.OE-6  MHO  ) ); 

: 

I MEASUREMENT  ; 

: CONJUNCTION  ; 

: ( < J1  G , J1_B  > VOLT  - 

; “ VOLTMETER  ( VJ1_G1  VOLT  ) ) 

: TARGET  : VJ1_G1  ; 

• 

GOHMETER  23  0 l.OE-6  J l.OE-6 
*DC  *WORST  V23  : IMPLIED  CROSS  IMPEDENCE 

END 

BEGIN 


END 

BEGIN  THIS  IS  A SIMPLE  TEST  OF  POWERING  THE  OUT 

REVBTl  32  0 0.01  E 24.0 

REV15V  29  0 0.01  E 15.0 

REV29V  23  0 0.01  E 29.0 

REV24V  26  0 0.01  E 24.0 

END 

END-INITIAL  CONDITIONS 


Figure  4.8  UIJT-CPS  Initial  Conditions  Input 
(Partial  Listing) 
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statements  of  a test. 


These  initial  conditions  except  the  last  one  are  user 
defined  cold  circuit  tests.  The  test  strategies  are 
described  in  Section  4.1.5.  PITS  generates  most  of  the  cold 
circuit  tests  automatically.  In  the  CPS  example,  the 
computer  runs  were  made  before  the  automatic  test  generator 
program  was  implemented.  Unfortunately  for  some  tests, 
terminal  connections  are  reversed.  Instead  of  adapted  data, 
the  exact  test  descriptions  are  given  as  user  defined  tests. 
The  last  initial  condition  specifies  the  power  supplies  of 
the  CPS  circuit.  FITS  automatically  generates  the 
appropriate  NOPAL  and  NAP2  statements  to  perform  the 
DC-strategy  tests  as  applicable. 

4.1.2  Input  File  Initialization 

This  process  accepts  the  user  input  from  a single  source 
file  and  writes  each  input  section  into  its  own  file. 
Because  it  has  no  significance  on  the  methodology)  it  is  not 
further  described. 


4.1.3  Generation  of  Failure  Dictionary 

The  first  major  operation  that  takes  place  when  FITS  is 
started  is  the  creation  of  a failure  dictionary  which 
contains  all  the  information  relating  to  the  definition  of 
the  failure  modes  of  a UUT.  The  input  to  this  process  (Pi 
in  Figure  4,1)  is  the  circuit  description  of  the  UUT.  The 
process  scans  the  circuit  description  and  produces  a failure 


dictionary  using  the  catastrophic  failure  definitions 
described  in  Table  4,1.  The  user  has  the  option  to  modify 
the  failure  dictionary  and  to  include  additional  failures. 

After  the  generation  of  the  dictionary  is  completed,  a 
user  oriented  version  of  the  failure  dictionary  table  is 
printed  (see  Table  4.4). 

4,1,4  Failure  Dictionary 

The  failure  dictionary  is  a table  generated  by  the  FITS 
system  automatically.  It  defines  the  failure  modes  of  a UUT 
as  used  by  the  FITS  system.  Table  4.4  illustrates  the 
entries  in  the  failure  dictionary.  The  "sequence  number"  is 
an  integer  which  is  used  as  a short  identifier  for  the 
failure  mode.  The  "component  name"  is  the  name  of  the 
component  which  has  failed  as  declared  in  the  circuit 
description.  The  "failure  function"  is  the  descriptive  name 
of  the  failure  of  the  component.  The  entries  under  "nodes" 
show  which  circuit  nodes  this  component  is  incident  on.  The 
"change"  entry  describes  the  change  caused  by  the  failure  in 
the  circuit,  such  as  topological  or  value  changes.  The 
"type"  entry  identifies  what  the  equivalent  circuit 
description  is,  such  as  resistor,  capacitor,  or  library 
model.  The  "parameter"  entry  shows  the  value  of  the  new 
component  or  gives  the  name  of  the  library  member  which 
describes  a complex  failure  definition.  The  "remark"  entry 
is  for  comments.  "Value"  entry  gives  the  nominal  value  or 
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the  model  name  of  the  component,  "Alias"  is  an  alternate 
failure  function  name.  "Index"  is  the  failure  rate  index  of 
the  failure  mode.  In  this  implementation  of  FITS  all 
failures  are  assumed  to  be  equally  likely.  However,  the 
failure  index  may  be  changed  to  control  the  bottom  part  of 
NOPAL  to  sequence  the  execution  of  the  tests  such  that  the 
tests  which  isolate  the  failures  with  higher  failure  index 
are  performed  before  the  tests  which  isolate  the  failures 
with  the  lower  failure  index.  Failure  rates  of  circuit 
components  and  mean  time  between  failure  (MTBF)  are  two 
parameters  that  are  used  to  calculate  failure  indices.  An 
introduction  to  this  concept  can  be  found  in  references  [ 69, 
70).  There  are  a number  of  references  which  periodically 
update  component  reliability  data.  Detailed  explanation  of 
failure  rate  equations  and  other  data  can  be  found  in 
MIL-HDBK-2173  [ 74  ) and  in  PARADA  [ 75  ] , 

Table  4,4  shows  the  complete  failure  dictionary  for  the 
CPS  example.  The  dictionary  was  automatically  generated 
from  the  circuit  description  given  in  Figure  4,3.  The 
ordering  of  the  failure  modes  were  slightly  rearranged  so 
that  the  failure  sequence  numbers  match  the  assignments  made 
in  an  earlier  work  { 73.76  !• 
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TABLE  4,4  FAILURE  DICTIONARY  OF  THE  UUT-CPS 


TABLE  4.4  FAILURE  DICTIONARY  (Continued) 


TABLE  4.4  FAILURE  DICTIONARY  (Continued) 


to  the  process  are  the  circuit  description,  the  list  of 
externally  available  test  terminals,  the  failure  dictionary, 
and  the  initial  conditions  of  the  UUT.  The  first  output 
file  contains  instructions  to  a CANA  program  (NAP2)  for 
simulating  a test  (Figure  4.11),  The  second  file  contains 
the  description  of  the  same  stimuli  and  measurements  in  the 
NOPAL  language  (Figure  4.10), 

In  the  present  system,  there  are  three  test  strategies. 
A test  strategy  refers  to  a similar  group  of  tests  which 
apply  identical  stimulus  or  measurement  devices  between 
CJUT's  test  terminals  to  determine  its  response.  Users  may 
employ  other  strategies  following  generally  the  methodology 
outlined  below.  Such  additional  strategies  may  easily  be 
designed  and  added  as  new  test  strategies  to  the  FITS 
system. 

The  three  strategies  are  applied  in  the  following 
sequence:  (1)  cold  circuit  (CC) , (2)  direct  current  (DC)  and 
(3)  user  defined  (UD)  strategies.  Pictorial  representations 
of  the  CC  and  DC  strategies  are  shown  in  Figure  4.9. 

In  the  cold  circuit  strategy  of  testing,  candidate  tests 
are  generated  which  will  measure  the  cold  circuit  (i.e.,  all 
power  supplies  disconnected)  impedence  of  the  UUT  across  its 
test  terminals. 


If  the  power  supply  is 
a current  source,  measure 
the  voltage  across  It 
and  also  measure  the 
voltage  at  all  other  test 
terminals . 


Peer  Defined  StrateCT;  Any  test  which  can  be  realized  by  the  clrexilt 
analysis  j^ogram  with  the  *WORST  case  analysis. 


figure  4.9  Pictorial  Representation  of  Gindidate 
Tests  and  the  Test  Strategies  in  TITS 
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In  the  direct  current  strategy,  the  power  supplies  of  the 
UUT  are  connected,  and  then,  the  voltage  levels  at  the  test 
terminals  and  current  through  power  supplies  are  measured. 
Finally,  in  the  user  defined  test  strategy  the  tests,  as 
defined  by  the  user  in  the  initial  conditions  input,  are 
evaluated.  The  user  defined  tests  follow  generally  the 
methodolgy  used  in  the  CC  and  DC  strategies.  The  only 
restriction  on  the  user  defined  test  strategy  is  that  the 
measurement  made  on  a UUT  should  be  representable  by  a range 
of  measurements.  Thus,  the  user  can  perform  frequency  (AC), 
and  transient  (TR)  analysis  tests  on  the  UUT.  These  type  of 
tests  are  inherently  difficult  to  automate  because  of  the 
large  number  of  possibilities  and  usefullness. 

The  tests  to  be  simulated  are  saved  in  the  candidate 
tests  libraries  as  described  in  Sections  4.1.6  and  4.1.7. 
Whenever  a measurement  is  found  by  the  CANA  orogram,  the 
result  is  expressed  in  terms  of  minimum  and  maximum 
worst-case  range  of  values  (see  Section  5.5).  If  the  UUT 
has  several  initial  conditions  such  as  different  positions 
of  mechanical  switches,  or  variable  resistances,  each  one  is 
considered  to  be  a distinct  initial  state  of  the  UUT,  and 
the  above  strategies  are  repeated  for  each  initial  state. 

The  NAP2  candidate  tests  library  file  contains 
instructions  to  the  circuit  analysis  program  NAP2  to  simulate 
the  circuit  response  to  a desired  test  (stimulus  and  mea- 
surement) when  the  UUT  has  one  of  the  failures  defined  in  the 
dictionary.  The  meaning  of  a test  in  this  section  is  no 


longer  a physical  arrangement  of  the  ATE,  but  a description 
of  the  stimulus  and  measurement  devices  as  simplified 
equivalent  circuit  components  or  functions.  For  example, 
even  though  a measurement  device  such  as  a voltmeter  is  a 
complex  device,  it  is  usually  described  as  an  idealized 
voltmeter  which  has  no  loading  effect  on  the  circuit.  The 
measurement  taken  by  such  a meter  is  found  by  the  circuit 
analysis  program  as  the  voltage  difference  across  two  nodes 
of  the  circuit. 

V^hen  a test  is  to  be  simulated  by  the  NAP2  program  the 
following  information  is  supplied  as  input  (see  Figure  4.9): 

1.  Nominal  circuit  description; 

2.  Definition  of  a failure  which  changes  the  nominal 
circuit  description  to  make  it  represent  the  (JOT  with  a 
known  failure  mode; 

3.  Description  of  the  stimulus  and  measurement  devices  and 
their  connections  to  the  circuit; 

4.  Type  of  analysis  to  be  performed  by  the  CANA  program  to 
find  the  symptoms  of  failure.  In  this  implementation 
only  DC  worst-case  analysis  is  performed; 

5.  A "RUN"  command  to  the  program  to  simulate  the  circuit 
described. 

The  range  of  values  a measurement  can  take  is 
calculated  with  the  circuit  analysis  program  by  performing 
worst-case  analysis.  Worst  case  measurements  are  specified 
with  minimum  and  maximum  limits.  These  limits  are  obtained 
after  perturbing  all  the  nominal  values  of  the  circuit 


components  to  their  tolerance  limits  (if  they  have  any  specified)  dependinji 
on  the  sign  ol  the  sensitivity  of  the  measurement  to  the  component  value, 
lliese  concepts  are  described  further  in  Section  5.5. 

Ihe  data  obtained  tresn  the  simulation  of  tlie  above  input  to  the  tlANA 
program  gives  the  symptom  of  a single  failure  mode.  It  is,  tlicrefore,  re- 
peated for  all  failure  mcxles  in  order  to  be  able  to  completely  specify  a test 
in  the  failure  symptoms  table  (Table  4.5). 

4.1.6  NAP2  Candidate  Tests  Library 

WAP2  candidate  tests  library  is  a file  produced  by  the 
candidate  tests  generator  program.  It  contains  all  the 
necessary  instructions  for  the  circuit  analysis  program  to 
simulate  a test  and  measure  the  response  of  the  UUT  to 
stimuli  when  it  has  one  of  the  failures  defined  in  the 
dictionary.  The  organization  of  this  file  is  shown  in 
Figure  4.10.  First,  the  nominal  circuit  description  is 
written.  It  is  followed  by  the  statements  which  modify  the 
nominal  circuit  description  to  incorporate  a failure  mode. 
Then,  circuit  equivalent  descriptions  of  the  stimulus  and 
measurement  devices  are  written.  The  type  of  analysis 
(which  is  a function  of  the  measurement  and  test  strategy) 
is  included.  It  is  followed  by  an  identification  of  the 
input  which  is  used  to  identify  the  results  in  the  circuit 
analysis  output  file.  Finally  the  "run"  instruction  to 
simulate  the  above  circuit  description  is  given. 

For  each  candidate  test,  all  of  the  failure  modes  which 
are  in  the  failure  dictionary  are  put  into  this  file  one 
after  another. 
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►CIKCOIT 


RE12V  5 0 0 E 12 


•SAVE 

•DC  •WORST  VN1 

:*  1 1 1 

•RUN 

•LOAD 

.R1  > 1.0E9 

•DC  •WORST  VN1 
:*  1 1 2 
•RON 


} 

1 


} 


start  a new  circuit  description 
nominal  circuit  description 

stimulus  description 

save  circuit  file  for  later  use 

circuit  analysis  type  and  quantity  to 
be  measured 

stimulus,  measurement,  failure  mode  (nominal)! 
start  analysis 

copy  back  original  circuit  and  stimulus 

failure  definition  changing  the  nominal 
circuit 
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Figure  4,10  NAP2  Candidate  Tests  Library  Organization 
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4,1,7  NOPAL  Candidate  Tests  Library 

In  addition  to  the  candidate  tests  library  which  is 
written  in  the  NAP2  language,  the  same  test  specifications 
are  produced  in  NOPAL  language  and  placed  in  another  file 
(see  Figure  4,11),  This  file  contains  partial  test  modules 
including  only  the  stimulus,  measurement,  and  message 
statements  for  a test.  The  remaining  parts  of  a test 
specification  (assertion  and  logic  sections)  ate  filled 
later  when  the  final  NOPAL  output  is  being  produced.  Only 
the  useful  tests  appear  in  the  final  output, 

4,2  Failure  Simulation  and  Symptom  Generation 

During  this  process,  the  behavior  of  the  UUT  is  simulated 
with  the  circuit  analysis  program  NAP2  (P3)  for  the  test 
strategies,  and  for  each  one  of  the  failure  modes,  and  the 
nominal  mode  as  enumerated  in  the  NAP2  candidate  tests 
library.  The  results  of  NAP2  simulation  are  saved  in  a 
permanent  file.  This  file  is  read  by  the  failure  symptom 
generator  program  (P4),  Then,  the  failure  symptom  table  is 
produced.  These  two  programs  are  described  below. 


4,2,1  Computer  Aided  Network  Analysis 

A computer  aided  network  analysis  (CANA)  program  is  a 
computer  aided  design  system  which  enables  the  user  to 
simulate  the  behavior  of  electronic  circuits,  A CANA 


program  uses  the  topological  description  and  the  component 


/•  TeST  module  < 2t  If  1)  - Ct  STDATECT 
TEST  1 ; 

stimuli  i(  1)  : 

/•  THIS  IS  AM  IMPEOENCE  MEASUREMENT  TEST  - NO  STIMULUS  IS  USED  •/ 
MEASUREMENT  2(  1)  ; 

conjunction  ( 21  : 

( < J1  B , Jl  A > OHM  ■ OHMMETER  ( ZJ1  8 1 OHM  ) ) 

TAR6CT  : 2J1_8_1  ; 


#•  TEST  MODULE  ( 22,  A,  2*1  - USER  DEEINED  TEST  

TEST  2*  ; 

STIMULI  *7(  2*1  ; 

conjunction  ( *7)  : 

I < Jl_6  f JT_a  > amp  « JSUPPLT  { 1.0E-D  AMP  , 1 .CE-6  MHO  > J 
MEASUREMENT  48(  2*1  ; 

conjunction  ( *3)  : 

C < Jl  G , Jl  B > VOlT  » VOLTMETER  < Wjl  63  VOLT  I ) ; 

TARGET  : VJl  G3  ; 


/•  TEST  module  < 1,  If  29)  - DC  STRATEGT  •••••••• f • f f / 

TEST  29  ; 

STIMULI  S7<  29)  ; 

conjunction  ( 37)  : 

( < J1_*  , Jl  a > VOLT  » ESUPPLT  ( 2*.0  VOLT  , 0.01  OHM  ) ) t 

( < J1_E  , Jl2<*  * TOLT  » ESUPPLT  ( 15.0  VOLT  , 0.01  OHM  ) ) t 

( < JI^G  f JI^O  > volt  » ESUPPLT  < 29.0  VOLT  , 0.01  OHM  ) ) S 

< < JIIh  , Jl^a  > VOLT  • ESUPPLT  < 24.0  VOLT  , 0.01  Ohm  ) ) ; 

MEASUREMENT  5S(  29)  ; 

conjunction  ( 53)  : 

( < Jl  A , Jl  B > volt  * VOLTMETER  ( VJl  A 29  VOLT  ) ) 

TARGET'r  V-1_A_29  ; 

MESSAGE  ( 29):'TH1S  IS  A SIMPLE  TEST  OE  POhERING  THE  UUT  HITH  NOMINAL 


Figure  4.11  NOPAL  Candidate  Tests  Library 


values  of  a circuit  to  formulate  network  equations  which  are 
then  solved  by  numerical  methods.  CANA  programs  provide 
solutions  in  steady  state^  time  domain,  and  frequency 
domain.  Additional  analysis  capabilities  may  include 
network  sensitivity,  worst-case,  Monte  Carlo  analysis  and 
optimal  design.  Most  of  the  CANA  programs  are  implemented 
in  the  FORTRAN  programming  language.  EXTENDED  SCEPTRE 
( 77  1 , SPICE2  ( 78  ] and  NET-II  [ 79  1 are  some  of  the 
circuit  analysis  programs  which  have  a large  number  of 
analysis  capabilities. 

In  this  implementation  of  the  FITS  system,  the  NAP2 
circuit  analysis  program  { 67  ] is  used.  The  NAP2  program  is 
incorporated  into  the  FITS  system  without  any  internal 
changes.  This  choice  makes  it  possible  to  use  the  most 
recent  version  of  the  program  without  any  changes  in  the 
FITS  system.  It  is  possible  to  change  this  circuit  analysis 
program  with  another  by  simply  making  minor  syntactic 
changes  in  the  candidate  tests  generator  and  failure  symptom 
generator  programs. 

NAP2  program  was  selected  because  it  can  be  executed 
interactively  on  the  computers  where  the  FITS  system  is 
developed.  It  has  fast  response  time  and  provides  the 
options  needed  by  the  FITS  systems  in  a convenient  fashion. 

The  input  to  the  circuit  analysis  program  is  the  NAP2 
candidate  tests  library  file.  The  output  of  the  circuit 
analysis  is  stored  in  a permanent  file  for  later  reference. 
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4.2.2  Generation  of  the  Failure  Symptom  Table 

Because  the  NAP2  program  is  not  internally  modified,  its  output  also 
contains  irrelevant  information  for  the  purposes  of  fault  isolation.  The 
output  of  the  simulation  is  scanned  by  the  failure  symptom  generation  program 
(P4)  to  extract  only  the  information  needed  in  the  failure  symptom  table. 

The  organization  of  this  table  (Table  4.5)  is  explained  in  the  next  section. 
If  any  numerical  analysis  problems  are  encountered,  the  user  is  warned  about 
their  existence.  It  is  the  user's  responsibility  to  remove  the  conditions 
which  cause  numerical  difficulties. 


I 

1 


! 

1 
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4.2.3  Failure  Symptom  Table 

The  failure  symptom  table  is  generated  after  a test  is  simulated  for 
all  failure  modes  of  the  UUT.  It  contains  the  following  information  (see 
Table  4.5):  (1)  stimulus  identification,  (2)  measurement  Identification, 

(3)  name  of  the  quantity  measured  (target  variable),  and  (4)  the  range  of 
values  measured  at  the  indicated  test  terminal  when  the  UUT  has  a failure. 
Six  measurements  are  available  after  circuit  simulation.  They  are  tabulated 
in  the  following  sequence:  (1)  nominal  measurement,  (2)  minimum  worst  case, 
(3)  maximum  worst  case,  (4)  nominal  root  sum  square  (RSS)  sensitivity, 

(5)  RSS  sensitivity  at  minimum  worst  case,  and  (6)  RSS  sensitivity  at 
maximum  worst  case. 

The  possible  range  of  measurements  at  a specified  test  terminal  of  a 
UUT  with  a known  failure  mode  is  called  a failure  symptom. 

Table  4.5  shows  a partial  listing  from  the  failure  symptom  table  of 
the  CPS  example.  The  complete  table  is  about  10  pages  long.  Since  this  is 
an  internal  data  structure  transparent  to  the  user,  it  is  not  described 
further. 


ii 

j 


82 


) 

^ 4,3  Decision  Limit  Determination  and  Ambiguity  Analysis 


I 


The  two  processes  in  this 
recognizable  decision  limits  and 
fault  isolation  attainable  using 
processes  are  described  below. 


section  determine  easily 
calculate  the  level  of 
these  limits.  These  two 
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4.3.1  Decision  Limit  Finder 

The  process  P5  involves  finding  regions  of  normal  and 
malfunctioning  operation.  The  inputs  to  the  process  are  the 
failure  symptom  table  and  the  accuracy  specifications.  The 
two  outputs  produced  are  the  assertion  limit  and  binary 
valued  decoder  table,  and  the  test  limit  and  multiple  valued 
decoder  table.  Figure  4,12  illustrates  how  this  process 
combines  similar  failure  symptoms  together  to  find  easily 
recognizable  ranges  of  measurement  to  identify  groups  of 
failures.  The  minimum  and  maximum  limits  of  values  of 
measurements  at  the  test  terminals  (symptoms)  of  each 
failure  due  to  a stimulus,  as  found  by  circuit  simulation, 
are  not  exactly  what  a measurement  device  would  show  because 
the  ranges  are  initially  calculated  to  a relatively  high 
number  of  significant  digits  (typically  six).  It  is 
unreasonable  to  expect  such  high  accuracy  from  most  test 
equipment.  In  order  to  allow  measurement  tolerance  (note 
this  is  different  from  loading  effects)  , the  analog  and 
digital  natures  of  measurement  devices  are  considered. 

8A 
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Measured 
Quantity  M] 


Failure  Syaptom 

Failure  symptoms  are  obtained  by  perfomlns  worst-case 
analysis  with  a circuit  analysis  program. 


Assertion  Halts 

Nonoverlappliig  regions  determine  assertion  limits.  Noi 
regions  are  found  after  introducing  measurement  device 
(I.C.,  scale  inaccuracy,  number  of  significant  digits, 
discrimination.  . > , 


Tests  1 and  2 as  shown  above  determine  the 
following  decoder  matrix. 


Li  2 2 \ 1 J •«— Diagnosis  selection  by 

. disjunctions 

I (Diagnosis  selection  by 

nconj unctions 

^2i  ^3  Isolated  by  these  two  tests; 

possible  to  distinguish  between  F4  and  F5. 


Observe  that  F, 
however  It  Is  no' 


Figure  4.12  Pictorial  Representation  of  Regions 


Fl, 

"I 

F4.  F5 

F2.  F3 

First  very  small  measurement  limits  below  a threshold  level 


are  eliminated  (zero  discrimination).  The  reason  for  this 
was  explained  in  Section  4. 1,1. 4.  Then,  each  measurement 
limit  is  adjusted  so  that  whatever  the  measurement  device 
shows  because  of  the  "scale  inaccuracy"  is  covered  in  the 
modified  ranqe.  This  is  done  by  increasing  the  upper  limit 
and  decreasing  the  lower  limit  proportionally  to  the  scale 
inaccuracy  of  the  measurement  device.  When  the  tests  are 
performed  in  conjunction  with  an  ATE,  the  analog  quantities 
are  eventually  converted  to  digital  numbers  which  are 
displayed  on  digital  meter  panels  and  communicated  to  a 
digital  computer  for  diagnosis  purpose.  Therefore,  the 
numbers  are  rounded  up  or  down  to  reflect  this  digitization 
effect.  Most  digital  meters  have  better  than  3-digit 
accuracy. 

After  these  initial  adjustments  are  made,  the  algorithm 
proceeds  to  find  the  extent  of  regions  so  that  they  do  not 
overlap.  The  upper  and  lower  limits  of  each  region  are  used 
to  generate  an  assertion.  Thus  a measurement,  depending  on 
the  stimulus,  failures  and  UUT,  may  yield  from  1 to  N 
assertions,  where  N is  the  number  of  failure  modes  contained 
in  the  failure  dictionary.  If  there  is  only  one  assertion, 
it  means  that  all  symptoms  overlap  and  the  measurement  is 
totally  useless  for  diagnostic  purposes.  If  there  are  N 
assertions  (which  is  unlikely  to  hapoen) , searching  for  more 
testtmay  stop  right  there,  since  there  will  be  one  assertion 

to  isolate  each  failure  mode.  The  assertions  are  numbered 
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sequentially  as  they  are  created.  The  sequence  numbers  are 
called  assertion  designation  numbers . They  are  used  to 
identify  the  assertion  limits. 

After  the  assertion  limits  are  found,  the  failure  symptoms 
which  fall  into  these  ranges  are  identified  in  the  failure 
decoder  section  of  the  Assertion  Limit  and  Binary  Valued 
Decoder  Table  (Table  4.6).  The  rows  of  this  table  are 
identified  by  the  stimulus,  measurement  and  an  assertion 
designation  number.  The  columns  are  labelled  by  the  failure 
mode  sequence  numbers.  If  a failure  has  its  symptom  in  the 
specified  range  of  an  assertion,  then  the  entry  in  the 
corresponding  column  is  "1"  indicating  "true".  If  it  is  not 
in  this  range,  then  the  entry  is  "0"  indicating  "false". 

The  primary  purpose  of  the  test  limit  and  multiple  valued 
decoder  table  is  to  provide  a summary  of  the  longer  binary 
valued  diagnosis  table.  It  also  helps  to  save  computer  time 
during  the  optimization  processes. 

In  this  process,  the  user  has  several  options  to  control 
and  experiment  with  the  assertions  created.  One  of  these 
options  effectively  deletes  all  of  the  symptoms  of  a failure 
from  consideration.  Another  option  makes  it  possible  to 
equivalence  failures  by  overriding  the  simulation  results. 
The  implications  of  these  modifications  are  problem 
dependent.  They  are  provided  to  aid  the  user  to  understand 
how  important  are  some  failure  symptoms  in  determining  the 
fault  isolation  level. 

Another  option  makes  it  possible  to  list  the  assertions  and 
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the  tests  in  increasinq  sensitivity  order.  The  average  root 
sum  square  sensitivity  of  the  measurements  belonging  to  the 
group  of  failures  in  an  assertion  (or  test)  is  indicative  of 
the  dependence  of  the  measurement  on  the  component  values 
and  their  tolerances.  Larger  sensitivity  when  compared  to 
smaller  sensitivity  implies  that  the  measurement  obtained 
changes  more  rapidly  with  respect  to  component  values  and 
failure  modes.  Intuitively,  it  appears  that  a measurement 
with  smaller  sensitivity  should  be  preferred  to  another 
measurement  with  higher  sensitivity  because  the  measurement 
in  this  case  is  not  expected  to  change  significantly  with 
small  changes  in  component  values  and  tolerances.  However, 
this  argument  cannot  be  generalized  because  sensitivity,  by 
definition,  is  a local  behavior.  These  concepts  are 
explained  more  in  Section  5.5. 

The  default  options  to  test  limit  finding  program  are  set 
so  that  the  tables  list  the  assertions  in  the  order  they  are 
created.  If  the  user  wishes  to  sort  the  assertions  or  tests 
in  increasing  sensitivity  order,  then  one  of  the  sorting 
strategies  as  described  in  Table  4,3  may  be  selected,  FITS 
then  will  give  preference  to  the  assertions  and  tests  which 
have  lower  sensitivity  to  be  used  in  fault  isolation.  Of 
course,  its  likely  that  there  will  be  some  additional  tests 
performed  when  this  option  is  used. 


HO 


4.3.2  Assertion  Limit  and  Binary  Valued  Decoder  Table 

Decision  limit  determination  algorithm  uses  the  failure 
symptoms  to  partition  the  range  of  measurement  values  for 
each  test.  The  lower  and  upper  limits  of  these  ranges  are 
called  assertion  limits.  A statement  which  checks  whether  a 
measurement  taken  at  a test  terminal  falls  within  these 
limits  is  called  an  assertion.  The  alaorithm  also 
identifies  the  failure  modes  whose  symptoms  lie  within  the 
assertion  limits.  All  of  this  information  is  displayed  in 
the  assertion  limit  and  binary  valued  decoder  table  (see 
Table  4.6).  In  this  table,  the  first  column  shows  the 
sequence  number  of  the  assertion.  The  stimulus, 
measurement,  and  target  variable  columns  are  same  as  the 
failure  symptom  table.  For  each  assertion  which  can  be  made 
from  a test,  a new  row  is  created.  Each  assertion  of  a test 
is  assigned  a unique  designation  number . The  assertion 
limits  are  entered  under  the  lower  and  upoer  limit  columns. 
The  average  root-sum-square  (RSS)  sensitivity  of  the  failure 
symptoms  in  this  assertion  range  are  placed  under  the 
sensitivity  column.  In  the  decoder  section  of  this  table 
(binary  valued  decoder  matrix) , the  columns  are  labelled  by 
the  failure  mode  sequence  number.  The  failures  whose 
symptoms  fall  into  the  assertion  ranges  have  a "1"  entry  in 
their  columns.  All  other  failures  have  a "0"  entry 
indicating  that  their  symptoms  are  not  in  this  assertion 


range 


4,3.3  Test  Limit  and  Multiple  Valued  Decoder  Table 


A smaller  version  of  the  above  table  is  called  the  test 
1 imit  and  multiple  valued  decoder  table.  As  it  can  be  seen 
in  Table  4.7,  it  has  the  same  organization  as  the  first 
table.  The  first  column  gives  the  starting  sequence  number 
of  the  first  assertion  of  a test  in  the  first  table. 
Stimulus,  measurement  and  target  variables  are  identical  to 
the  first.  "DESIG"  column  gives  the  total  number  of 
assertions  of  this  test.  Lower  and  uoper  limits  given  are 
the  absolute  minimum  and  maximum  measurements  for  this  test. 
If  desired,  they  may  be  used  as  protection  limits. 
Sensitivity  column  shows  the  average  RSS  sensitivity  of  all 
failure  symptoms  for  this  test.  The  diagnosis  section  of 
this  table  (multiple  valued  decoder  matrix)  shows  the 
designation  number  of  the  assertion  which  contain  the 
symptoms  of  the  failure  mode  of  the  corresponding  column. 

The  rows  of  the  decoder  matrices  are  called  (multiple  or 
binary  valued)  failure  diagnosis  vectors.  The  columns  are 
called  (multiple  or  binary  valued)  failure  address  vectors. 
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4.3.4  Ambiguity  Analysis 


After  Process  P5  is  finished,  it  is  possible  to  evaluate 
all  accumulated  diagnosis  information  to  determine  the  level 
of  fault  isolation.  The  input  to  Process  P6  can  be  a binary 
or  multiple  valued  decoder  matrix.  Process  P6  uses  the 
failure  address  vectors  of  the  decoder  matrix  described  in 
Sections  4.3.2  and  4.3.3  to  evaluate  the  ambiguity  level 
achieved  to  determine  if  the  test  objectives  are  satisfied 
(see  Section  4. 1.1.4).  If  two  failures  have  identical 
address  vectors,  they  cannot  be  distinguished  from  one 
another.  If  one  of  them  happens  to  be  the  nominal  mode  (by 
notation  failure  number  1 is  the  nominal  mode) , then  another 
failure  with  the  same  address  vector  is  not  diaonosable. 
The  relation  among  a set  of  failure  modes  which  have 
identical  address  vectors  is  called  an  equivalence  relation. 
The  concept  of  equivalent  classes  of  failures  was  introduced 
in  Section  4.1. 1.4  and  was  explained  with  the  aid  of  a graph 
(see  Figure  4.5). 

Process  P6  performs  an  ambiguity  analysis  indicating 
what  percentage  of  the  failures  are  diagnosed,  and  how  the 
diagnosed  failures  are  isolated  into  equivalence  classes. 
If  at  this  stage,  the  level  of  fault  isolation  is  found  to 
be  unsatisfactory,  the  next  set  of  tests  of  the  next 
candidate  testing  strategy  is  initiated  and  evaluated 
similarly,  starting  from  P3.  After  satisfactory  fault 
isolation  is  achieved,  or  after  all  possible  test  strategies 

are  exhausted,  control  transfers  to  the  optimization  process 
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P7,  The  outputs  of  Process  P6  are  the  ambiquity  report  (see 
Table  4.8),  and  the  ambiquity  summary  (see  Table  4.9). 

4.3.5  Ambiquity  Report 

The  result  of  fault  Isolation  Is  presented  as  an 
ambiquity  report  as  shown  In  Table  4.8.  Each  row  Identifies 
a qroup  of  failures  Isolated  Into  equivalent  classes.  The 
first  column  qlves  the  ambiquity  class  name.  The  same  name 
is  used  throuqhout  the  remainder  of  the  outputs  to  refer  to 
this  class  of  failures.  The  second  column,  k-ambiquity, 
qlves  the  ambiquity  of  this  class;  that  is,  the  number  of 
failure  modes  found  In  the  class.  The  next  two  columns 
provide  statistical  information.  First,  the  oercentaqe  of 
failures  isolated  in  this  class  is  given.  Next  to  it  is  the 
the  cumulative  percentaqe  of  failures  identified  up  to  this 
class.  The  last  column  contains  the  list  of  the  sequence 
numbers  of  the  failure  modes  isolated  in  this  equivalence 
class. 

The  first  row  of  the  ambiquity  report  has  a special 
interpretation.  It^  identifies  the  nominal  mode  (no 
failures)  of  the  UUT.  If  the  testing  cannot  assure  100% 
diagnosis,  then  -the  failures  which  cannot  be  distinguished 
from  the  nominal  are  listed  in  the  second  row.  Since  the 
existance  of  nondiaqnosable  failure  modes  implies  no 
isolation  as  well,  this  class  is  not  included  in  cumulative 
fault  isolation  percentaqe. 
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TABLE  4.8  AMBIGUITY  REPORT  (Continued) 


TABLE  4.8  ^VMBIGUITY  REPORT  (Continued) 


4.3.6  Ambiqaity  Summary 


The  ambiquity  report  is  orqanized  sliahtly  differr"' 
to  present  a summary  of  the  fault  isolation  l<*vel. 
isolation  summary  obtained  from  Table  4.B  is  shown  in  T•^ 
4.^.  The  first  column  qives  the  ambiquity  level. 
second  column  shows  what  the  desired  level  of  cumulati- 
fault  isolation  percentage  is  for  this  ambiquity  level. 
third  column  shows  the  achieved  level  of  cumulative  fs  t 
isolation  percentaqe.  The  fourth  column  shows  w •* 
percentage  of  the  total  number  of  failures  have  this  levr 
of  ambiquity.  The  last  column  qives  the  numL.»»c  of  cIj;  >* 
which  have  the  same  ambiquity.  The  fault  isolation  sum-j*. 
may  be  used  to  plot  the  fault  isolation  curve  described  i 
Section  4. 1.1. 4. 

j 
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TABLE  4.9  AMBIGUITY  SUMMARY 


j FAULT  ISOLATION  SUMMARY 

'i  i 

DESIRED  AND  ACHIEVED  LEVEL  OF  CUMULATIVE 
FAULT  ISOLATION  PERCENTAGE 


NUMBER  OF  FAILURE  MOOES  : 67 

NUMBER  OF  TESTS  : 17 

NUMBER  OF  EQUIV.  CLASSES  : 34 

DESIRED  LEVEL  OF  DIAGNOSIS:  80.0% 

ACHIEVED  LEVEL  OF  DIAGNOSIS:  80.6% 

FAULT  ISOLATION  IS  SATISFACTORY. 
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4.4  Optimization  to  Minimize  Test  Lenoth 


The  purpose  of  Process  P7  is  to  reduce  the  number  of 
tests  to  be  performed  without  loss  of  fault  diaqnosis  and 
isolation  capability.  There  are  three  optimization  steps. 
First,  the  total  number  of  test  setups  is  minimized  since 
setup  for  a test  consumes  the  longest  time  in  actual 
testing.  Second,  only  the  necessary  assertions  of  the 
remaining  tests  are  retained.  Finally,  diaqnosis  selection 
logic  statements  are  found  such  that  only  the  minimum  number 
of  tests  in  the  remaining  set  are  performed  to  diagnose  and 
isolate  each  equivalence  class. 

The  first  two  considerations  are  attained  by  the  same 
algorithm.  The  approach  in  the  algorithm  is  to  create  a 
fault  isolation  tree  (see  Figure  4.13).  The  nodes  of  the 
fault  isolation  tree  represent  the  failure  equivalence 
classes  as  determined  by  the  outcomes  of  tests.  The 
branches  coming  out  of  each  node  are  labelled  by  the  test 
outcomes.  Each  branch  links  to  a lower  level  node 
containing  a disjoint  subset  of  the  failures  present  in  the 
parent  node.  The  smaller  equivalence  classes  are  determined 
by  the  restriction  of  test  outcome  which  also  names  the 
branch  pointing  to  this  node. 
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Plqur#  4.13  fault  Iaolation  Trae 


Two  types  of  outcomes  are  possible  depending  on  the 
optimization  step.  If  a test  consists  of  a stimulus  and 
measurement  specification  (as  in  the  setup  minimization 
step),  the  outcome  is  defined  as  the  desiqnation  number  of 


the  assertion  which  evaluates  to  true  after  the  test  is 
performed.  Tests  of  this  type  have  multiple  valued 
diagnosis  vectors  whose  entries  are  the  designation  numbers 
of  the  assertions  (see  Table  4.7).  If  the  test  consists  of 
one  stimulus-measurement  pair  and  one  assertion 
specification  (as  in  the  assertion  minimization  step),  the 
outcome  is  defined  as  the  truth  value  of  the  assertion  (i.e., 
true  or  false) . Tests  of  this  type  have  binary  valued 
diagnosis  vectors  whose  entries  are  1 if  the  assertion 
evaluates  to  true,  or  0 if  the  assertion  evaluates  to  false 
(see  Table  4.6).  A branch  of  the  fault  isolation  tree  is 
selected  depending  on  the  outcome  of  a test. 

The  leaves  of  the  tree  are  the  resultant  equivalence 
classes  after  testing  is  finished.  Therefore,  the  leaves  of 
the  tree  indicate  the  final  fault  isolation  achieved.  Any 
one  of  the  failure  modes  included  in  each  leaf  may  be  the 
possible  cause  of  the  failure  of  a UUT. 

There  are  many  ways  to  create  this  tree.  The  approach 
taken  here  is  to  create  a balanced  tree  with  respect  to  the 
number  of  failures  included  in  each  node;  that  is,  the  test 
at  each  level  is  selected  so  that  nearly  equal  number  of 
failure  modes  are  isolated  at  each  node  of  the  next  depth. 

This  approach  has  the  advantage  of  avoiding  an  exhaustive 
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search  in  the  tree  construction. 

It  is  assumed  that  all  failures  are  equally  likely.  It 
is  possible  to  assign  a relative  frequency  index  to  each 
failure  mode.  This  option  would  force  the  tree  construction 
algorithm  to  include  the  tests  which  tend  to  isolate  the 
failures  with  the  higher  frequency  of  occurrance  earlier 
(i.e.^  with  fewer  tests).  Therefore,  if  there  are  tests 
which  make  it  possible  to  isolate  these  particular  failures 
before  others,  such  tests  will  be  given  precedence  in  the 
tree  (they  will  be  closer  to  the  root  node).  However,  this 
requirement  may  result  in  introducing  additional  tests  into 
the  specifications,  which  otherwise  would  not  be  present. 
Since  the  bottom  part  of  NOPAL  already  provides  a similar 
option  to  optimize  the  execution  sequence  of  the  tests,  this 
option  is  not  implemented  into  the  top  part  of  NOPAL. 


1. 


2. 


The  fault  isolation  tree  is  created  as  follows; 

(Initialization]  Place  the  names  of  all  the  failure 
modes  of  the  failure  dictionary  into  the  root  node. 

(Determine  which  test  will  be  used  to  define  the 
branches  out  of  the  root  node]  The  first  test  to  be 
accepted  is  the  one  whose  diagnosis  vector  yields  the 
highest  entropy  (information  content).  The  entropy  is 
defined  as: 


n 


J.( 

k|j  is  the  number  of  failure  modes  diagnosed  in  the 
equivalence  class  determined  by  the  outcome  of  test  T^ . 
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is  the  total  number  of  failure  modesj  "n"  is  the 


number  of  equivalence  classes  formed  by  the  restriction 
of  the  outcomes  of  test  , If  the  diaonosis  vector  is 
binary  valued,  then  a node  can  split  at  most  into  two. 
In  the  case  of  multiple  valued  diagnosis  vectors,  a 
node  can  split  to  m new  nodes  where  m is  the  number  of 
outcomes  of  that  test  (i.e.^  maximum  designation 
number ) . 

3.  [Find  the  smaller  equivalence  classes)  Using  the 

diagnosis  vector  of  the  test  which  yields  the  highest 
entropy,  construct  the  distinct  equivalence  classes 
(nodes)  at  the  next  depth  of  the  tree  and  label  the 
branches  coming  out  of  each  node  from  the  upper  level 
to  the  lower  level. 

4.  (Find  the  next  test  with  the  highest  entropy)  Given  the 

equivalence  classes  found  in  Step  3,  find  the  next  test 
(diagnosis  vector)  which  gives  the  highest  entropy. 
This  entropy  is  called  the  joint  entropy  and  calculated 
as  defined  in  Step  2. 

5.  (Check  for  termination)  If  the  joint  entropy  has  not 

increased  or  all  tests  have  been  utilized,  then  best 
fault  isolation  possible  is  reached,  therefore, 
terminate.  Otherwise,  repeat  starting  from  Step  3. 

The  tree  construction  stops  when  the  tests  can  no  longer 
split  the  remaining  nodes.  After  the  termination  of  the 
algorithm,  the  subsets  of  the  tests  used  in  the  tree 
construction  are  sufficient  to  reach  the  same  fault 
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isolation  level  as  the  original  complete  set  of  tests. 

i ; 

I , 

II 

4.4.1  Minimization  of  the  Number  of  Test  Setups 

In  order  to  minimize  the  number  of  test  setups,  the 
multiple  valued  decoder  matrix  is  given  as  input  to  the 
above  described  program.  The  output  is  a reduced  version  of 
the  multiple  valued  decoder  matrix.  As  the  reader  will 
recall,  the  decoder  matrix  of  the  test  limit  and  multiple 
valued  decoder  table  contains  the  designation  numbers  of  the 
assertions  of  measurements.  This  results  in  forming  an 
n-ary  tree,  where  n may  be  as  large  as  the  number  of 
outcomes  of  a test.  Figure  4.14  shows  the  evaluation  of  the 
entropy  measure  for  the  tests  while  the  fault  isolation  tree 
is  being  constructed  for  the  UUT  CPS  example.  Figure  4.15 
shows  how  this  tree  looks  after  the  process  is 

completed. 
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Figure  4,14  Entropy  Evaluation  Output 
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4.4.2  Minimization  of  the  Number  of  Assertions 


During  the  second  minimization  step,  the  number  of 
assertions  is  minimized  using  the  binary  valued  decoder 
matrix  (see  Table  4.6)  with  the  tree  construction  algorithm 
described  above.  The  input  to  this  process  is  obtained 
after  transforming  each  of  the  multiple  valued  diagnosis 
vectors  in  the  reduced  matrix  to  binary  valued  diaqnosis 
vectors.  It  is  oossible  to  use  the  original  assertion  limit 
and  binary  valued  diagnosis  table  as  input;  however, 
significant  savings  in  computer  time  is  achieved  by  going 
through  two  applications  of  this  algorithm.  Using  binary 
valued  decoder  matrix  as  input  to  the  same  algorithm  results 
in  forming  a binary  tree,  because  the  outcome  of  a test  in 
this  case  may  only  be  "0"  or  "1". 

All  of  the  tests  which  are  referenced  by  the  branches  of 
the  fault  isolation  tree  need  to  be  included  in  the  NOPAL 
specifications  in  order  to  diagnose  all  of  the  failure 
modes.  However,  only  some  of  them  need  to  be  performed  to 
diagnose  a particular  failure  mode.  On  the  average,  the 
minimum  number  of  tests  to  isolate  each  equivalence  class  is 
found  by  using  the  above  described  algorithm.  It  is 
important  to  note  that  at  the  end  of  each  minimization,  the 
fault  isolation  level  is  the  same  as  can  be  obtained  using 
the  results  of  all  available  tests  from  simulation. 

During  these  two  minimization  processes,  the  assertions 
of  the  tests  which  do  not  form  branches  of  the  fault 
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isolation  tree  are  eliminated.  All  the  remaininq  tests  and 
assertions  which  define  branches  in  the  fault  isolation  tree 
must  be  performed  in  order  to  make  a decision  about  which 
failure  mode  to  isolate.  This  is  an  overly  restrictive 
condition  because  the  same  diagnostic  information  relating 
to  a particular  equivalence  class  may  be  repeated  or  implied 
in  several  assertions.  This  is  readily  observed  with  the 
fault  isolation  tree.  For  example,  at  some  nodes  the 
outcome  of  the  referenced  test  will  not  cause  any  splitting 
to  take  place  (for  an  example  see  Figure  4.15).  Therefore, 
there  is  no  need  to  conduct  such  a test  when  a specific 
diagnosis  is  to  be  made.  The  oroperties  of  this  tree  could 
have  been  exploited  further  if  an  execution  sequence  for  the 
tests  were  desired. 


4.4.3  Minimization  of  the  Number  of  Tests  per  Diaqnosis 

Finally,  as  the  third  minimization  step,  a search  is  made 
for  each  equivalence  class  of  failures  (which  contains  the 
names  and  failure  functions  of  the  components  reported  to 
the  operator  as  the  probable  cause  of  failure  of  the  UUT)  to 
find  a minimum  length  join  of  assertions  which  is  sufficient 
to  distinguish  one  diagnosis  from  all  the  others.  The  input 
to  the  process  can  be  a multiple  or  binary  valued  decoder 
matrix.  The  output  is  a sparse  diagnosis  selection  logic 
matrix  which  is  the  basis  for  creating  the  NOPAL  table 
(Table  4.10)  . 

If  the  input  is  a multiple  valued  decoder  matrix,  then 
no  negated  diagnosis  selection  logic  operators  appear  in  the 
output.  This  approach  results  in  a larger  number  test 
modules  to  be  specified.  In  this  case  test  limits  become 
more  stringent  and  demand  that  all  measurements  lie  within 
some  predetermined  range  before  a diagnosis  is  made . This 
means  diagnosis  selection  is  based  only  on  the  passing  of 
tests  (i.e.,  using  GO-paths  only). 

When  the  input  is  a binary  valued  decoder  matrix,  negated 
diagnosis  selection  logic  operators  appear  in  the  diaqnosis 
selection  logic  matrix.  Thus,  failing  of  tests  (due  to 
measurements  which  do  not  lie  in  a specified  range)  are  also 
used  in  selecting  diagnoses.  Even  thouKli  this  approach 
minimizes  the  number  of  assertions  (therefore  the  number  of 
test  modules  in  the  NOPAL  output),  it  becomes  easier  to  make 


false  diaqnosis. 

The  method  used  in  this  process  is  related  to  the  concept 
of  Boolean  difference  (80  1.  The  Boolean  Difference  Method 

is  a technique  used  in  automatic  digital  circuit  fault 
diaqnosis  and  isolation  programs.  It  is  based  on  finding  an 
input  test  sequence  such  that  the  output  of  a circuit  will 
change  states  when  one  of  the  input  variables  changes  state 
due  to  a catastrophic  (stuck-at-1  or  stuck-at-0)  failure 
( 81,82  1. 

The  algorithm  which  finds  minimum  length  join  of 
assertions  is  described  below: 

Let  D be  a binary  or  multiple  valued  decoder  matrix 
obtained  from  the  optimization  Phase  2.  In  this  matrix 
merge  the  identical  columns  (failure  address  vectors)  so 
that  there  are  no  duplicate  columns.  The  distinct  column 
vectors  are  called  equivalence  class  address  vectors 
aj «fj  (t j ,t^ , . . . ,t^)  where  n is  the  number  of  assertions,  and 
j»l,2,...Nj  where  Nj  is  the  number  of  equivalence  classes 
(diagnoses) . 

The  purpose  of  this  algorithm  is  to  find  one  of  the 
shortest  length  substrings  in  the  conjunction  term  aj  which 
is  sufficient  to  distinguish  the  diaqnosis  selected  by  a^ 
from  all  other  possible  diagnoses. 

For  each  diagnosis  j,  (j»l,  ...,Nj)  do: 

1.  (For  all  combinations]  Let  S be  a vector  of  length  1 
whose  members  are  the  combination  of  1 integers 

(l»l,2,...n)  taken  out  of  n integers. 

1 1 2 


f 1 nil  f T- 


2.  (Select  a substrina]  Usinq  S to  index  a^ , 

d 

substring  dj  of  length  1 of  t^'s  in  aj  . 

3.  (Find  the  first  shortest  unique  substring)  Evaluate  t-- 

logic  expression; 

i»i 

for  each  combination  of  length  1.  The  TT  symbol  i* 
the  conjunction  (product)  operator  and  ^ is  tne 
not-equal  operator  as  usual. 

4.  (Expression  found)  The  first  for  which  the  above 

expression  evaluates  to  true  is  used  as  the  min:-;-' 
length  conjunction  of  tests  (or  assertions)  to  select 
diagnosis  j. 

The  effectiveness  of  the  minimization  aloorith'-s  was 
checked  for  several  cases.  One  example  initially  consiste-* 
of  17  test  setups  and  145  assertions  to  isolate  60  failur<» 
modes  into  40  equivalence  classes.  Only  8 test  setups  ar-* 
20  assertions  were  found  to  be  sufficient  to  achieve  tne 
same  fault  isolation  level  by  these  minimization  aloorith’-s. 
In  the  last  step*'  about  3 assertions  per  diagnosis  were  use  • 
to  isolate  each  equivalence  class.  The  shortest  diagnosis 
used  1 assertion  (1  test  setup)  and  the  longest  used 
assertions  ( also  7 test  setups).  The  output  of  the 
optimization  process  yields  a modified  version  of  the  test 
limit  and  decoder  table. 
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4.5  NOPAL  Output  Generation 


After  the  test  design  is  completed,  the  results  are 
outputted  in  two  different  forms.  (1)  The  first  output  is  a 
summary  of  the  test  modules  written  in  tabular  form.  (2) 
The  second  and  last  output  from  FITS  is  the  NOPAL 
specification  which  can  be  used  as  input  to  the  bottom  part. 

4.5.1  Output  Processors 

The  final  Process  P8  in  the  test  design  is  outputting  the 
test  specifications  and  diagnosis  selection  logic  statements 
in  tabular  form  (Table  4.10)  and  in  NOPAL  syntax  (Figure 
4.16).  The  input  to  Process  P8  is  prepared  in  the  third 
minimization  step.  This  input  is  essentially  the  assertion 
limit  and  binary  valued  diagnosis  table  which  has  been 
modified  sligthly  to  accommodate  the  "sparsity"  and  the 
diagnosis  selection  logic  with  conjunctions.  The  tabular 
form  is  used  for  the  user’s  convenience.  Examples  to 
tabular  representation  has  appeared  in  an  earlier  reoort 
( 73  1 . The  test  specifications  are  also  written  in  a string 
language  to  be  directly  given  as  input  to  the  bottom  part  of 
NOPAL.  A short  summary  of  statistics  such  as  the  number  of 
different  test  setups,  number  of  assertions,  number  of 
diagnosis  messages,  minimum  and  maximum  test  length,  and 
average  number  of  tests  per  diagnosis  are  also  provided. 

The  program  which  generates  the  NOPAL  soecif ications  is 
not  described  here.  What  it  does  is  essentially  to  write 
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the  test  sped  f ic>itions  in  NOPAL  lanquane  as  described  in 
the  NOPAL  user's  quide. 

The  last  two  test  modules  in  the  strir.^i  lanquaqe  output 
are  not  present  in  the  NOPAL  table.  They  are  used  to  send 
special  messages  to  the  operator.  The  first  one  checks  if 
the  nominal  mode  diagnosis  D was  selected.  It  is  done  by 
evaluating  the  expression  where  i's  are  the 

sequence  numbers  of  the  test  modules  used  to  select  D,  , t^ 
is  the  outcome  of  a test  module  and  a^^  is  the  outcome  in 
the  decoder  matrix  which  selects  D,  . If  this  expression 
evaluates  to  true,  then  the  UUT  is  in  the  nominal  state.  If 
the  expression  evaluates  to  false,  the  UUT  has  a failure. 
An  appropriate  message  follows. 

The  last  test  module  finds  if  any  one  of  the  diagnoses 

made  by  conjunctions  were  selected.  If  none  of  them  were 

selected,  then  an  error  message  is  sent.  The  logic 

expression  which  finds  this  condition  is  as  follows; 

L 

7f  x: 

When  the  above  expression  evaluates  to  true, it  means  that 
none  of  the  diagnoses  were  selected  by  conjunctions. 


1 KS 


4.5.2  NOPAL  Table  Output 


Table  4.10  shows  the  tabular  representation  of  test 
modules  for  the  CPS  example.  Each  row  in  this  table 
represents  a test  module.  Columnwise  the  table  is  seoarated 
into  two  sections;  (1)  on  the  left  side  is  the  test  module 
identification  section,  (2)  on  the  right  side  is  the 
diagnosis  selection  logic  section.  Under  the  test  module 
identification  section,  the  sequence  entry  gives  the 
original  sequence  number  of  the  assertion  as  it  appears  in 
the  assertion  limit  and  binary  valued  diagnosis  table.  The 
full  description  of  the  stimulus  and  measurement  whose 
identification  numbers  are  referenced  can  be  found  in  the 
candidate  tests  library.  The  assertion  whose  designation 
number  is  given  under  the  assertion  entry  can  be  found  from 
the  corresponding  sequence  number  of  the  assertion  limit 
table. 

Under  the  diagnosis  selection  logic  section , the  table  is 
divided  into  several  columns.  Each  column  is  labelled  by  an 
equivalence  class  name.  The  failures  which  are  in  these 
classes  are  identified  in  the  ambiguity  report.  These 
failures  become  the  affected  components  (and  failure 
functions)  in  the  diagnosis  message  sent  to  the  ATE 
operator . 

The  entries  under  their  columns  are  the  diagnosis 
selection  logic  operators  ( I , M , s , s.~i) . A diagnosis  may  be 
selected  by  the  disjunction  or  conjunction  of  test  modules. 


To  simplify  the  representation  they  are  shown  in  two 
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separate  columns.  The  column  on  the  left  side  contains  the 
operators  which  select  a diagnosis  by  disjunctions  (i.e., 
independently  of  other  test  modules).  The  column  on  the 
right  side  contains  the  operators  which  select  the  same 
diagnosis  with  conjuctions  (i.e.,  jointly  with  other  test 
modules).  If  the  outcome  of  an  assertion  of  a test  is  true, 
then  all  of  the  diagnoses  which  have  an  "|"  symbol  in  the 
disjunction  column  are  selected.  If  the  outcome  is  false, 
then  the  diagnoses  which  have  "ll"  symbol  are  selected. 
After  a diagnosis  is  selected,  a message  identifying  the 
failures  is  sent  to  the  operator  right  away.  However, 
before  a diagnosis  can  be  selected  by  conjunctions  ( •&”  or 
) all  of  the  test  modules  which  reference  this 
diagnosis  by  conjunctions  must  be  performed  and  the  outcomes 
must  accordingly  select  this  diagnosis.  The  use  of  the 
negation  symbol  (n)  reverses  the  logical  outcome  of  an 
assertion.  If  test  module  T^  selects  diagnosis  by 

disjunction  “1",  then  T^  has  to  evaluate  to  true  in  order  to 
select  . Similarly,  if  T^  selects  diagnosis  D by  negated 
disjunction  then  T^  has  to  evaluate  to  false  to  select 

diagnosis  D^.  The  same  type  of  negated  logic  is  extended  to 
selection  by  conjunctions.  A blank  entry  in  this  section  of 
the  table  means  that  the  outcome  of  a test  module  for  the 
corresponding  diagnosis  is  not  used  (i.e.,  don’t  care). 

It  should  be  observed  that  each  diagnosis  may  be 
selected  by  more  than  one  test  module  with  disjunctions. 
Throughout  the  complete  testing  only  one  diagnosis  can  be 


TABLE  4.10  NOPAL  Tabular  Specification 


selected  by  the  conjunction  of  test  modules.  One  of  the 
minimum  lenqth  test  conjunctions  does  the  selection.  If 
none  of  the  diagnoses  can  be  selected  by  conjunctions,  it 
means  that  there  is  an  obvious  error  in  testing.  The  most 
likely  error  is  the  existence  of  an  unknown  UUT  failure. 
Another  possibility  is  inaccurate  modelling  of  the  UUT  in 
the  circuit  analysis. 

If  the  testing  is  to  be  performed  manually,  this  table 
can  be  used  as  a checklist  to  select  the  aporopriate 
diagnoses, 

4,5,3  NOPAL  Specification  Output 

The  final  output  of  the  FITS  system  is  the  NOPAL  test 
specification  (see  Figure  4,6),  This  output  is  complete  in 
the  sense  that  it  can  be  used  as  input  to  the  bottom  part  of 
NOPAL  without  any  modifications.  The  complete  listing  is 
not  shown  in  Figure  4,6  because  it  is  about  2300  lines  long. 
Before  the  NOPAL  specification  starts,  the  input  files 
used  and  the  output  files  generated  are  summarized.  The 
name  of  a file  is  obtained  from  the  user  input.  The  date 
and  time  entries  show  when  a file  was  created.  Then  comes 
the  fault  isolation  summary.  The  organization  of  the 
summary  table  was  explained  in  Section  4,3.6.  The  lines 
after  the  summary  give  statistical  information  about  the 
test  design.  They  include  information  relating  to  diagnosis 
percentage,  longest  and  shortest  test  lengths  and  the 
average  number  of  assertions  used  to  select  a diagnosis. 
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The  statistics  are  self  explanatory  so  they  are  not 
described  further. 

The  first  NOPAL  statement  is  the  specification 
identification.  This  name  is  the  same  as  the  UUT  name.  Each 
test  module  is  identified  by  its  sequence  number.  The 
stimuli,  measurements  and  loqic  statements  belong  to  the 
parent  test  module  whose  sequence  number  is  given  in 
parentheses.  Stimuli  and  measurements  also  have  unique 
identification  numbers.  They  are  numbered  sequentially  in 
the  order  they  are  listed.  The  stimulus  or  measurement 

identification  appears  just  before  the  parent  test  module 
identification. 

The  first  test  module  represents  a resistance 

measurement  test.  An  ohmmeter  is  connected  between  the  UUT 
terminals  J1_B  and  J1_E  as  a measurement  device.  The  value 
of  the  resistance  measured  is  assigned  into  the  target 
variable  ZJ1_B_2.  A target  variable  name  is  constructed  as 
follows.  The  first  letter  identifies  the  type  of 

measurement.  "Z"  stands  for  resistance,  "V"  is  for  voltage, 
and  "I"  is  for  current  measurements.  Then  comes  the  "from" 
UUT  test  terminal  name  where  the  measurement  is  taken  (by 
notation  the  test  terminals  and  circuit  nodes  are  always 
written  such  that  positive  current  flows  from  the  first 
terminal  to  the  second  terminal).  The  measurement  sequence 
number  is  suffixed  to  the  terminal  name  to  create  a unique 
target  variable  name.  This  variable  may  be  used  by  other 
test  modules  as  a source  variable. 
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After  the  target  variable  declaration  are  two  assertion 
statements  which  belong  to  the  measurement  just  described. 
These  assertion  statements  evaluate  to  true  or  false 
depending  on  the  measured  value.  The  NOPAL  processor  then 
takes  the  logical  and  of  the  outcome  of  these  two 
assertions.  The  logical  outcome  of  the  test  module  becomes 
the  value  of  the  logical  and  of  the  two  assertions.  The, 
third  assertion  uses  an  IF-THEN-ELSE  construct  while 
declaring  0UTC0ME_1  as  a target  variable.  Since  this 
assertion  declares  a target  variable,  unlike  the  other  two 
assertions,  it  is  not  used  in  determining  the  outcome  of  the 
test  module.  It  merely  stores  the  logical  outcome  of  the 
test  module.  This  variable  is  used  at  the  end  of  testing  to 
detect  errors  and  to  send  aopropriate  messages.  The  name  of 
the  target  variable  is  formed  by  suffixing  "OUTCOME_"  by  the 
test  module  sequence  number.  This  variable  is  undefined 
before  the  test  is  performed. 

The  logic  statement  gives  the  internal  sequence  number  of 
the  above  assertion  as  found  in  the  assertion  limit  and 
binary  valued  diagnosis  table  in  a comment  statement.  If 
after  the  test  is  performed  the  logical  outcome  of  the  test 
module  is  true  (measurement  is  within  the  limits) , then 
diagnosis  29  is  selected.  Thus,  the  operator  receives  the 
message : 


•w 


THIS  IS  AN  INTERMEDIATE  FAULT  ISOLATION  RESULT  TESTING 

CONTINUES  

EC  SHORT (TQ2) 


After  this  messaqe  is  disDlayed,  further  orocessim 
determines  that  only  test  module  1 references  diagnosis  63 
by  conjunction.  So,  the  operator  receives  a second  messaae: 


1 FINAL  FAULT  ISOLATION  RESULTS  FAULTY  COMPONENTS  AND  I 

I I 
I THEIR  FAILURE  FUNCTIONS  ARE  LISTED  AS  I 
I I 
I <FAILURE_FUNCTION> (<UUT_COMPONENT_NAME>) : I 

I EC_SH0RT(TQ2)  I 

At  this  point,  the  operator  may  terminate  testing  and 
print  a reoair  ticket  for  the  UUT  or  may  continue  to  execute 
the  other  test  modules  to  check  for  possible  errors. 

Test  module  2 is  an  example  where  no  stimulus  is 
applied  and  no  measurement  is  taken.  It  checks  another 
range  of  values  of  a previously  obtained  measurement.  The 
comment  which  appears  immediately  after  the  test  module 
identification  explains  which  test  module  actually  performed 
the  test  whose  result  is  being  used.  Then  a dummy 
measurement  identification  is  given.  It  is  followed  by  some 
assertion  statements  and  logic  statements.  They  are  similar 
to  what  happens  in  test  module  1. 


j 

i 

I 

I 
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The  last  two  test  modules  are  used  to  send  special 
messages  to  the  operator.  The  conjunction  of  the  assertions 
in  test  module  53  is  true  if  diagnosis  35  was  selected. 
This  diagnosis  is  selected  by  the  conjuction  of  several  test 
modules  to  find  out  if  the  UUT  is  its  NOMINAL  state.  If  it 
is»  then  the  operator  gets  the  following  message  from 
diagnosis  72: 


GOOD  UUT 

(CHECK  FAULT  ISOLATION  MESSAGE  IF  THERE  ARE  NO  DIAGNOSIS 

FAILURES) 


If  there  were  any  failures  which  could  not  be  diagnosed, 
the  operator  would  have  received  the  proper  list  of 
failures.  In  this  example  there  are  a number  of  such 
failures.  Therefore,  the  operator  receives  the  following 
message,  too: 


i 

I 

I 


THE  FOLLOWING  FAILURES  (INCLUDING  NOMINAL  UUT)  WERE  NOT 

DIAGNOSED  

NOMINAL (ALL_COMPONENTS)  | SHORT (Rl)  | SHORT (R2)  I 
OPEN(R3)  I SHORT (R6)  I SHORT (R7)  I OPEN (RIO)  I OPEN(TDCRl) 
I BC__SHORT(04)  I OPEN  (Cl)  1 BE_SHORT  (T03)  I BE_SH0RT(Q4)  1 

SHORT (RSW) 


1 1 ^ 
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If  the  outcome  of  the  test  module  had  been  false»  the 
followinq  would  have  been  sent: 

- I 

I 
I 

••••  BAD  OUT  *•••  I 

I 

TESTING  PROCEEDS  TO  ISOLATE  THE  FAULTY  COMPONENT  I 

I 

- - - - ! 

Ihen  the  faiiltx  eonijviu'nt  wouKl  ho  isolated  ;uul  reiH'>rti\l  to  the  oiH'rator 
a-i  deserihed  in  test  iikhIuIo  1. 

lest  iiKHlule  SI  evaluates  to  ttiK'  uhen  none  ot'  the  diakinoses  ean  he  'ie- 
leeted  hv  con iiuiot  ions  ot'  test  nwlules.  llten,  the  error  nH'ssa>:e  in\di.»>;nv'si^ 
■’4  is  'iont  listinv;  soiik'  of  the  prohahle  eauses  of  ernn'  that  have  t;iken  I'laoe. 

If  the  test  rK'vlule  SI  evaluates  to  false,  then  oi\lv  the  fault  isolat  ioti 

vliayjnosis  iiK'ssa>;e  is  sent. 

\fter  the  descriptions  of  test  nK>dules  aiv  Cv.Mni'leted,  .i  list  of  tlu'  fail 
ures  of  the  lilH'  is  i^iven.  This  is  the  failure  dictionai’N’  written  in  WM'Vl 
syntax.  I'hen  all  ot  the  dia.cnoses  .ind  speci.il  nK'ssa.ces  ;ire  listovl.  This  is 
followed  hv  the  UIH  and  All  function  declarations,  linallv,  the  IIH'  test  ter 
minals  aiv  sjvcifievl.  The  llltf  lA^lNT  is  the  external  liUV  test  temin.il  n.iiiK'. 

Vhe  iVWl  ri\>R  n.iiiH'  is  the  s;iiiK'  .is  the  test  temin.il  input  file  n.'UiH'. 

The  last  st.iteim'nt  teminates  the  WlAM.  specification  for  lliri_i'r.^. 

The  explanation  of  the  NtM'.Al  sptvi  f icat  ion  is  cmipletixl  heix'.  As  the 

reader  nviv  have  .ilivadv  found,  the  ciMin’H'tits  in  the  NV'rAl.  specification  nvike 

It  verx"  easy  to  read  thixnyyh  the  covle  y:eneratt\l.  If  the  reavler  is  not  con 
tent  with  the  expl.uiat  ions  Riven  here,  it  is  nvoniiKMuled  tliat  the  formjil 
definition  Riven  in  the  .NiM'Al.  user's  Ruide  he  iwimed. 
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HUT  CIRCUIT  DtSCRlPTION  1 


TAILURE  DICIIOKART  I 


TtSI  TtK"lN*lS 


INITI*t  COEiOltlOMS 
OVtRSTKtSS 

ACCURACY  SPtCiFICAIIOftS  I 

FAULT  ISOLAIIOV  08JECTIV(S 
APPLICAULt  TESTS  LiORA-TT  - C»N» 
APPLlCAOLf,  TESTS  LI8RART  - ATE 
FAKUSc  StfApTOn  TAoLE  I 

TEST  LinIT  ANCt  OIAGSOSIS  TABLE  I 
MULTIPLE  valued  DIAGNOSIS  TABLE 
HtBuCiO  >1UlT.  VAL.  OIAG  TAPLE 


BIVART  valued  diagnosis  taple 


reduced  niN. 


ANSIGUITT  SU«FiART 


EQUIVALENCE  Classes 


nuftdea  or  failure  modes 


DIAGNOSIS  PERCENTAGE 


number  of  equivalence  CLASSES 


1 NAME 
I 

1 UUT  CPS 


I I I •/ 

t date  I time  1 •/ 

I I I */ 

K a a s s » s « « » r r 8 s 3 « 3 s s X s & & 3 •/ 

I 01/01/77  1 12:00:00  I •/ 


I default 


I 01/01/77  I 12:00:00  1 •/ 


I UUT  CPS 


I 01/01/77  I 1 


1 17)  I 01/01/77  I i; 


( 17)  I 01/01/77  I 12:00:00  1 •/ 


< S)  I 01/01/77  I 12;C0:C0  I •/ 


C 99)  I Cl/01/77  1 12:00:00  I •/ 


< SO)  I Cl/01/77  1 12:00:00  I •/ 


I •/ 


I •/ 


( 67)  I 01/01/77  I 12:00:00  I */ 


( SOI  I Cl/01/77  I 12:00:00  I •/ 


( JG)  I 01/01/77  I 12:00:00  I •/ 


Figure  4.16  NOPAL  Specification  Output 


r 


NUfOER  or  failure  mooes  : 67 

NUMBER  OF  tests  : 17 

number  OF  EQUIV.  CIASSlS  : 3A 

DESIRED  level  OF  OIAUAOSIS:  60. OZ 

ACHIEVED  level  OF  OlAtNOSlS:  S0.6Z 

FAULT  ISOLATION  IS  S A T I SF AC T OR T . 


total  number  of  test  SETUPS 
total  NU"JER  of  assertions 
shortest  test  setup 

LONGEST  TEST  SETUP 

SHORTEST  assertion  CONJUNCTION 

longest  assertion  conjunction 

AVERAGE  number  OF  ASSERTIONS/TCST 
AVERAGE  number  OF  T E S T / 0 1 aGNOS I S 
AVERAGE  number  OF  A S S E R T I ON / D 1 AGNOS IS 
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NOP*L  sp£cific*rio»*  uor_cPS  ; 



TtST  1 ; 

stimuli  It  1)  ; 

/.  THIS  IS  AN  IPPEOtKCt  PIASUREMtHT  TEST  - NO  SIIHOLUS  IS  USED  ./ 
PEASUREHEMT  ?t  1)  ; 

conjunction  t Zi  •. 

< < J1  0 , J1  E > OHM  s OHMMtTER  t IJl  P 2 OHM  ) I 

tapcei  : 2jiIb_2  ; 


ASSERTION  : IJI_6_2  > O.OOCOOEOi  ; /.  TEST  LOWER  LIMII  •/ 

ASSERTION  : EJ1_B_2  < 6.S9C0CE03  ; /»  TEST  UPPER  LIMIT  •/ 

ASSERTION  St  21  : /.  SAVE  THE  OUTCOME  Of  THE  TEST  MODULE  ./ 

If  IJ1_8.2  > 6.00000t03  I :jI.8_2  < 6.S9000E03 


THEN 
ELSE 
TARGE  r 

OUTCOME  1 . T 
OUTCOMES  = 0 
: OUTCOMt_l  ; 

/• 

/• 

OUTCOME  Of 
OUTCOME  Of 

the 

the 

TEST 

TEST 

IS  TRUE 

IS  FALSE 

./ 

./ 

LOGIC  t T) 

: /•  Internal 

SEQUENCE 

number  t 

s. 

J. 

2.  11 

./ 

I it  . 
* 63  ; 




TtST  2 ; 

/•  there  is  no  HEED  TO  REPEAT  PREVIOUSLV  PERfORMEO  TEST 

THE  variable  USED  IN  THE  FCLLO.ING  ASSERTIONS  IS  ALREADY 
available  fROM  stimulus  t 1)  AND  MEASUREMENT  t 2) 

OP  TtST  MODULE  t 1)  ./ 

MEASUREMENT  3t  21  ; 

assertion  ; 2J1_B_2  > 6.7Al)0OeO3  ; /.  TEST  LOWER  LIMIT  •/ 

ASSEnTIOn  : IJ1_B~2  < O.76000E03  ; /»  TEST  UPPER  LIMIT  •/ 

ASSERTION  St  31  ; /»  SAVE  THE  OUTCOME  Of  THE  TEST  MODULE  •/ 

If  IJt_a_2  > 6.74CC0E03  t 7j1_0_2  < S.76000t03 

Then  outcome_2  = i /•  “outcome  of  the  test  is  true  ./ 

else  OUrCOME“2  =0  /.  outcome  Of  the  test  is  fALSE  ./ 

TARGET  : outcome. 2 ; 

LOGIC  f 21  : /.  internal  SEDUENCE  number  t 6,  3,  2,  21  »/ 

I 32  , 

i 66  ; 
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TtST  S3  ; 

!•  find  if  uut  is  operational  or  palfunctioninc 
IN  either  case  inforn  the  operator 
DIAGNOSIS  < 72)  INDICATES  EVERYTHING  IS  OK 

DIAGNOSIS  ( 73)  INDICATES  FAULT  ISOLATION  TESTS  ARE  ABOUT  TO  START  •/ 


MEASUREMENT 

61(  53) 

0 

assertion 

: outcome 

6 ■ 

1 

0 

ASSERTION 

i OUTCOME 

15 

X 

ASSEn  riOH 

: OUTCOME 

23 

X 

ASSERTION 

i OUTCOME 

30 

s 

ASSERTION 

: OUTCOME 

.3  7 

= 

ASSERTION 

: OUTCOME 

43 

« 

assertion 

; OUTCOME 

AS 

X 

assertion 

: OUTCOME 

50 

a 

LOGIC  ( 53) 

• 

I 72  t /*  SEND  UUT  operational  MESSAGE  */ 
n 73  ; /•  send  uut  HALfUNCTIONlNG  MESSAGE  •/ 


TEST  54  ; 

/*  IF  NONE  OF  The  affected  COMPONENT  CLASSES  CAM  BE 
SELECTED  BY  CONJUNCTIONS  OF  TEST  MODULES  THERE  IS 
A SIGNIFICANT  ERROR  IN  TEST  DESIGN  — POSSIBLE 
REASONS  OF  ERROR  ARE  LISTED  IN  THE  OPERATOR  MESSAGE  */ 

measurement  p2(  54)  ; 

assertion  : /•  AND  IF  DIAGNOSIS  ( 35)  WAS  NOT  SELECTED  •/ 

IF  0UTC0HE_6  * Q 1 OUTCOME.IS  » Q 1 OUTCOME_23  * 0 \ 
OUTCON£_30  » 0 1 OOICuM£_37  • 0 I OUTCOME_43  0 I 
0UTC0MC”48  » C I OUTCOMe'SO  *0 
then  1«1  ” /•  TRUE,  DIAGNOSIS  HAS  NOT  SELECTED  •! 

else  InO  ; /•  false,  diagnosis  uas  SELECTED  •/ 

assertion  : /•  AND  IF  DIAGNOSIS  ( 36)  '-•At- NOT  SELECTED  */ 

IF  0UTC0ME_6  * 0 I OUTCOME  15  • v . OUTCOME  2T  ■ 0 I 
OUTCOME^AA  « 0 ~ 

then  1»1  ” /*  TRUE,  DIAGNOSIS  HAS  NOT  SELECTED  •/ 

ELSE  loO  ; !•  FAi.SE.  DIAGNOSIS  HAS  SELECTED  •/ 


ASSERTION  : /*  and  IF  DIAGNOSIS  C 40)  'JAS  NOT  SELECTED  </ 
0UTC0ME_29  » 0 ; 


: /•  send 

I 74  ; 


LOGIC  < 54) 


MAJOR  ERROR  MESSAGE  •/ 


UUT  COM^CNINT  DICTION**T 


SL 

1 ; »Ll  COH^S 

t rUNCTION«NOM|N4t 

, XMOfA* 

0 ; 

COfkp'f 

u 

2 

: R1 

t FUNcl  10l«*0PCN 

f 1N0CA> 

0 ; 

co«^’> 

It 

1 

• il 

• ruMCT|0M«SH0tT 

• IMOfl* 

0 ; 

It 

* 

t2 

• rUNCTX0M*0P€M 

• XNorx* 

0 ; 

It 

5 

t 

• ruNCiiON«SMotr 

t INOCXa 

0 i 

CO«P  f 

It 

A 

•5 

• FUMCT104«>0PCH 

• IMOCI* 

0 

COrtr*# 

It 

T 

• *1 

« rUNCTlOM-SHOtT 

f INDCI* 

0 ; 

CO*lP*f 

It 

s 

t4 

• Ft*Nt110N*0Pfl| 

• XMOd* 

0 

COrtf *f 

It 

9 

{ P4 

• rUMCTlOM^SNOtl 

• XMOCX* 

0 

It 

10 

6 

t FUNCT  10N«0PtN 

• INOES* 

0 

co«^  r 

It 

11 

• F5 

• FUNCTiPM»SHOf;T 

t INOCX* 

0 

It 

12 

: R6 

• FUMCT10N«0PeN 

• IMPEX* 

0 

COUP.f 

It 

1 J 

; R6 

, FUMCTlON«SMOtT 

f INOCA* 

0 

CQHpy 

u 

ti 

R7 

• FURCTI?M»0P6M 

• INOCA* 

0 

COPP^f 

It 

n 

9? 

• FUNtT10M»SM0tr 

t IMOEX* 

0 

COnP^f 

It 

16 

• FUNCTiORaOPCN 

« IROCX* 

0 

conp^f 

It 

12 

99 

• FUNCT10M»0PCN 

t XNOCX* 

0 

COnp’f 

It 

IS 

tv 

• FUMCTlON^SHOtT 

• iNOfX* 

0 

co«^*r 

It 

19 

tio 

• FUMCT 10N»0PCM 

• XROfX* 

0 

CO«P“f 

It 

20 

tio 

f FUNCTlO.*«SMOtT 

t IHOCa* 

0 

CO«1^*F 

It 

21 

»11 

, FUNCT lON-OPEM 

• XMOCX* 

0 

co««»’r 

It 

22 

• It 

t FUMCTION^SHOtT 

• iNOeXa 

0 

CO»i^*r 

It 

21 

tto 

t FUMCTlONaOPEN 

» INDEX* 

0 

COHP^f 

It 

26 

tto 

• FUMCTlONsSNOtr 

• iNorx* 

0 

co«»**r 

It 

26 

Cl 

t FUNCT10M>SH0tT 

, XbOFX* 

0 

COMP  F 

It 

26 

TOCSt 

, fuNCT ION*OPEN 

t IS0(X« 

0 

COMP.F 

It 

22 

TOCtl 

• FCNCTiOhaSHORT 

t XNOEXa 

0 

COmP^F 

It 

2« 

TJCt^ 

• FONCTlOb-SHORT 

• INDEX* 

0 

COMP^F 

It 

29 

TOCt? 

t FUNCTlObaSHORT 

• INDEX* 

0 

COMP*F 

It 

10 

TJC44 

• ruMCTlCl««OP€R 

• INDEX* 

0 

COMP  F 

It 

11 

TbCK4 

, FOMCT ICh*SHORT 

• INOEa* 

0 

COMP*F 

It 

12 

TbCtS 

• FUNCT10m>OP€M 

• XNOCX* 

0 

COMP*F 

It 

U 

TvCnS 

, FURtTlObaSNORT 

• INDEX* 

0 

COMPV 

It 

26 

TsIlA 

t FUNCTlOM«COtL.OPCN 

• INDEX* 

0 

comp“f 

It 

16 

raiA  ^ 

• FUMCTi0N««4SE*0Pth 

• INDEX* 

0 

cenp^^ 

It 

16 

TO 

, FUMtTI0l4»tMIT^0P6H 

• XNDEa* 

0 

tOMP^F 

It 

12 

rtiiA 

• ruMCTIObaOC.SNORT 

t index* 

0 

ce».<**F 

It 

11. 

roiA 

t FUNCTlOHariC 'short 

t INDEX* 

0 

COMr*  F 

It 

T31a 

• FUHCTlOMaCC'SMORT 

t INDEX* 

0 

COMP^F 

u . 

60 

TUlb 

» FUMCT lCM«COtt.OPtH 

• INDEX* 

0 

CCMP  F 

It 

»1 

Tulb 

, FUMCTlON-tniT^CPfM 

• INDEX* 

0 

COMP*F 

u 

62 

TUIO 

• FMtCTlONauC  SHORT 

• INDEX* 

0 

COMP^F 

It 

61 

TOlb 

• FUNCT10N«HI ^SHORT 

• INDEX* 

0 

COHP*F 

It 

66 

TOTH 

• FUNtTIOHatC^SHORT 

• INDEX* 

0 

tOPP*F 

It 

66  : T(i2 

t FUNCT10n*H4$(^OPCH 

t INDEX* 

0 

COMP.F 

It 

66  i Tb2 

, FVMCTlOMatMn 'oPtU 

, INDEX* 

0 

COMP.F 

It 

42 

Tt^ 

« FUNCTlONsbC.^HORT 

• Index* 

0 

COmp'f 

It 

62 

TO? 

, fumctioh>ui 'snort 

t INDEX* 

0 

C0MP*r 

It 

69 

T<42 

* FUNCT10H«tcISH0RT 

• INDEX* 

0 

COMP^F 

It 

10 

T03 

t FUMCTlOHaCOtL.OPCN 

t INDEX* 

0 

COMP  f 

It 

51 

TtS 

, ruMCT  l0lw>b4SF  OPfM 

• INDEX* 

3 

COMP*F 

It 

12 

TtJ 

« FUNCTIONatMIT'OPfN 

• Index* 

0 

COMP*F 

It 

11 

Tu5 

, FONCTlONabC^SnORT 

• INDEX* 

0 

comp’f 

It 

16 

TQ3 

t fUMCTXONaf  C'SMORT 

• INDEX* 

0 

COMP*F 

It 

15 

T04 

• FUMCTXONauASe  ^OPf N 

t INDEX* 

0 

COMP  F 

It 

16 

T«i4 

, fUMCTlOi»akf*XT'0PEM 

• INDEX* 

0 

COMP^f 

It 

17 

ru4 

• rUMCTlOMabC  SHORT 

• INDEX* 

0 

COMP*F 

It 

1» 

TQ4 

, FUMCTX0Na(c2SM0RT 

• INDEX* 

0 

comp^f 

It 

19 

Cl 

« rUMCTlOHaOPtN 

• INDEX* 

0 

CORP.F 

It 

6P 

TtfCt2 

• rUMCT  ICh^OPCM 

t INDEX* 

0 

CORP_.F 

It 

61 

Toca3 

• FURtf lOHaOPCM 

• INDEX* 

0 

COMP*F 

It 

c>2  : T02 

• FUMCtlOHatOtt.OPCN 

t INDEX* 

0 

COFIp"f 

It 

bl 

Ttl 

• FURCTIORa.^C  SHORT 

t INDEX* 

0 

C0Mr*r 

It 

66 

Ta4 

• rUMCIXOHaCOtt.OPCM 

• INDEX* 

0 

COMP.f 

It 

65 

ro4 

• FURCT10R«6C.SN0RT 

« INDEX* 

0 

COMP  F 

It 

06 

•$« 

, rURCI lOMaOPfR 

• INDEX* 

0 

COMP  r 

It 

6/ 

• SIF 

• FURC1iOMa|»HORr 

» IMOCX* 

0 ; 

DIAGNOSES  AND  SPECIAL  NESSACES 


/• 

/• 

/• 

/• 

/• 


'•/ 

•/ 

•/ 

•/ 

•/ 


DIAGNOSIS  1 : 

OPENaTOR  pessage  : 

AfFECIEO  COMPONENTS  > 

NOMINAL! ALL_COMPS>  I SHORTIRI)  I SHORTIRZ)  | 
OPEN(R3)  I SNORT(RO)  I SHORKRT)  | 

OPEN(RIC)  I OPCN(TOCRl)  I 8C  SHORT(TOA)  | 
OPENJC1)  I aE_SHORT(Ta3)  I BE  SH0«T(T04)  I 
SHORT(RSW)  • 

TTPE«  DISJUNCTION  ; 


DIAGNOSIS  29  : 

OPERATOR  MESSAGE  : 

affected  COMPONENTS  * 
EC_SH0RT(T02|  , 
TTP£»  DISJUNCTION  ; 


DIAGNOSIS  33  : 

OPERATOR  MESSAGE  : 

AFFECTED  COMPONENTS  > 
N0HIMAL<ALL_C0MPS)  I 
0P£N(R3)  I $H0RT(R6>  I 
OPENfRiO)  I OPENITOCRI) 
OPEK(CI)  I b£  SH0RT(TQ3) 
SHORTIRSW)  , 

TYPE*  NODIAJNOSIS  ; 


SHORT(Rl>  I SHORT(R2) 

I SH0RT(R7)  I 

I 3C_SH0RT(Ta4>  | 

I BE.SHORT  CTQH  I 


diagnosis  63  : 

OPERATOR  MESSAGE  t 

AFFECTED  COMPONENTS  > 
EC_SHORI(Ta2)  , 
TTP£»  conjunction  ; 


/ 


/ 
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EHBSHHH 


/ 


/ 


NCSSAGE  StSJUNCTIOH  T 

TCXT>'TN1S  IS  AN  INTSANEOIATS  FAULT  ISOLATION  RESULT 
TESTING  continues  (Cl'; 

RESSAGE  CONJUNCTION  : 

teat»'final  fault  isolation  results  — - 

faultt  corponents  ano  their  failure  functions 

are  LISTCO  as  <FAIlURE  FUNCTI0N>  ( <UUT  CORPONEN1_NARE>  ) : 

< C » ' ; 

RESSAGE  NODIAGNOSIS  : 

TEAT«'THE  following  failures  (INCLUDING  NORINAL  UUT ) 
mere  not  DIAGNOSABLE  — ( C t ' ; 




DIAGNOSIS  72: 

OPERATOR  RESSAGE  : 

TTP£«  COOO_UUT  : 

RESSAGE  GOOD.UUT  : 

TE*T«'«»»*  GOOD  UUT 

CCHECK  FAULT  ISOLATION  RESSAGE  TO  SEE  IF  THERE  ARE 
r«0-OI  AGNOSIS  FAILURES)  ' ; 


DIAGNOSIS  73; 

OPERATOR  RESSAGE  : 

TYP£=  BAO_UUT  ; 

RESSAGE  OAO.UUT 

TEXT*'****  BAD  UUT  ***• 

TESTING  PROCEEDS  TC  ISOLATE  THE  FAULTT  COHPONENT'  ; 


DIAGNOSIS  7(: 

OPERATOR  RESSAGE  : 

TYPE*  RAJ0R_CRR0»  ; 

RESSAGE  NAJOR  ERROR~: 

TEXT*'****  NAJOR  ERROR  IN  FITS  FAULT  ISOLATION  LOGIC  •**• 
probable  CAUSES  OF  ERROR  ARE  : 


(I)  undefined  failure  of  UUT, 

(2l  INACCURATE  RODELLING  IN  CIRCUIT  ANALYSIS, 

(I)  INSUFFICIENT  ATE  ACCURACY, 

(L)  ATE  OPERATOR  ERROR  IN  nanual  TEST  SETUP  (IF  ANY).'  ; 

* * * 


i 


UUT  AMO  ATE  FUNCTIONS 


i 

I 

i 

! 


! 


1 


[ 


/• 

/• 

/• 

/• 


*/ 
• / 

• / 


FUNCTION 

FUNCTION 

function 

FUNCTION 

FUNCTION 

FUNCTION 

FUNCTION 

FUNCTION 

FUNCTION 


nominal 

OPEN 
SHORT 
COLL  OPEN 

base'open 

ENIT'oPtM 

BC.siloRI 

Oe.SMORT 
EC  SHORT 


FUNCTION 

FUNCTION 

function 
function 
function 
function 
function 
func  I ION 
function 


TrPfc»F 

ttpe«f 

TTPE»f 

ttpe»f 

TTPt'F 

TTPfc«F 

TTP£aF 

TTPE«F 

TTP£*F 


AILURE  t 
AILUPC. 
AILURE . 
AILURE  , 
AILURE. 
AILURE. 
AILURE. 
AILURE  . 
AILURE, 


PARANA 

PARANA 

PARANA 

PARANA 

PARANA 

PARANA 

PARANA 

PARANA 

PARANA 


CONP.S) 

CONP.S) 

COHP.SI 

CONP.S) 

CONP.S) 

CONP.S) 

COnP.S) 

CONP.S) 

CONP.S) 


{ 


FUNCTION 

FUNCTION 

FUNCTION 

FUNCTION 

FUNCTION 


WOLTNETER.  TTPE«N,  «P1NSp2, 

PARANI a<v,T,(VOLT,*SO,-SO)) 
PARAN2a(r,s,(ohn,10NEG.10n£C))  ; 

ANPHIIEn,  TTPEaN,  «P1NSa2, 
PARAH1a(i,t,(aNP,«1 .0,-1.0)) 
Paran2a(c,S,(nho,100.10C))  ; 
OmNMEIEk,  TTPE»N,  CPINSa2, 
PARAN1=(R,T,<OHN,10NEC,0.1)) 
ESUPOlT,  TTP£aS,  )»_PtNS=2, 

PA  RANI  A (V,S,( VOLT. 50, -SO)) 

PARAN2  = (R,S,(0HN, IE-6, IE-6))  ; 
JSUPPLT,  TTPEaS,  a PINS»2, 

PARANl A(i ,s, CANP, 17QE-6 ,-1 .a£-6) ) 
PARAN2aig,S, (MHO, IE-6, l£-6))  ; 


/.A#*..*., 

/A 

•/ 

/* 

UUT  TEST  TERMINALS 

•/ 

/• 

• / 

/AAAA*AAA< 

UUT_POINT 

: J1_0 

f 

CONN£CTORa< 

Jl_PIN  ) ; 

/•  GROUND 

• / 

UUT  POINT 

: J1  A 

• 

CONNkCTORAC 

J1  PIN  ) ; 

/•  Q_SUITCH 

•/ 

UUT  POINT 

: E 

CONNECTORpL 

JI  PIN  ) ; 

/•  aZLV  AUX 

•/ 

UUT.POINT 

: J1  r 

V 

C0NNECT0R-( 

Jl  PIN  ) ; 

/.  AlSV 

•/ 

UUT  POINT 

: Ji  G 

t 

CONNECTOR 

J1  PIN  ) ; 

/•  *25 W 

•/ 

UUT  POINT 

: J1  H 

f 

CONNECTOR>( 

Ji  PIN  ) ; 

/•  ♦28,*24 

TANK 

OATTeNV  SENSE 

• J 

U0T_P01NT 

: J1_X 

t 

CONNECTOHa( 

J1_PIN  ) ; 

/•  BTI.RECHARGADLE  BATTERY 


•/ 


END  OF  NOPAL  TEST  SPECIFICATIONS 


•/ 

•/ 

•/ 

•/ 

•/ 


END  UUT  CPS 
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CHAPTER  5 


DESIGN  OF  THE  FITS  SYSTEM 


In  this  chapter  some  of  the  design  considerations  and 
problems  associated  with  fault  detection  and  isolation  are 
discussed.  Section  5.1  describes  the  types  of  circuits 
which  can  be  analyzed  with  the  FITS  methodology.  Section 
5.2  contains  a discussion  of  the  failures  which  are  observed 
in  analog  circuits.  More  prominent  catastrophic  failures  of 


basic 

electronic  components 

are  emphasized. 

Section 

5.3 

describes 

the  interpretation 

of  test 

setup. 

Section 

5.4 

lists 

the 

assumptions  made 

in  this 

work. 

Section 

5.5 

contains  a 

discussion  of  the  methods 

used 

to  find 

test 

limits  using  fault  simulation.  In  Section  5.5  a 
formalization  of  the  fault  isolation  logic  used  in  the  FITS 
system  is  described.  Finally  in  Section  5.6,  the  test 
minimization  method  is  described. 
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One  of  the  objectives  in  the  design  of  the  FITS  system  is 
to  make  it  possible  to  generate  tests  to  diagnose  and 
isolate  failures  for  a large  variety  of  electronic  analog 
circuits.  It  is  not  possible  to  include  all  types  of  analog 
circuits.  The  class  of  analog  circuits  which  are  preferred 
have  an  observable  steady  state.  That  is,  test 
specifications  for  circuits  which  exhibit  a constant  level 
of  measurable  output  response  at  their  available  test 
terminals  when  attached  to  fixed  power  sources  can  be 
generated  automatically.  This  restriction  excludes  devices 
such  as  oscillators  and  function  generators  as  immediate 
candidates  for  automatically  testable  circuits.  However, 
through  appropriate  test  strategies  defined  by  the  user, 
test  design  for  such  devices  can  also  be  accomplished  by 
FITS. 

The  reason  why  digital  circuits  are  excluded  from 

investigation  is  essentially  due  to  the  technology 

advancement  in  digital  circuit  design.  Digital  circuits  are 

no  longer  constructed  using  the  basic  circuit  elements  such 

as  resistors  and  transistors,  but  they  are  constructed  by 

using  functional  units  such  as  logic  gates,  counters  and 

shift  registers,  A single  circuit  component  may  include 

hundreds  of  basic  analog  circuit  elements  in  one  package,  but 

it  generally  has  only  a few  input-output  terminals  and  power 

supply  terminals.  For  instance,  microprocessors  in  the 

MCS-48  series  have  about  20000  transistors  in  one  IC  package 
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( 85  1 . Digital  components  are  used  to  perform  logic 
functions,  and  their  internal  construction  is  irrelevant  to 


I 


the  interest  of  the  designer.  Therefore,  the 
troubleshooting  of  such  devices  is  performed  at  a functional 
level,  and  components  are  replaced  at  the  IC  package  level. 
The  lowest  level  in  digital  circuit  testing  may  be 
structural  to  assure  that  each  individual  hardware 

constituent  operates  correctly.  However,  it  is  much  faster 
to  perform  the  testing  at  a functional  level.  In  functional 

test  design,  a list  of  input  and  output  response  patterns 
are  found  to  diagnose  and  isolate  the  failures.  The  most 
common  approach  assumes  stuck-at-one  or  stuck-at-zero  (SA 
Model)  failures  of  digital  devices.  Then,  test  string 
patterns  are  found  using  methods  like  path-sensitization 
[ 84  ] or  Boolean  difference  [ 85,86  ] of  the  Boolean 
expressions  which  describe  the  system  behavior. 

Because  of  the  emphasis  put  on  functional  testing 
analog  circuit  testing  is  differentiated  from  digital 
testing.  However,  occasionally  both  analog  and  digital 
testing  use  the  similar  terminology  and  fault  diagnosis  and 
isolation  techniques.  After  all,  digital  circuits  are 
essentially  analog  circuits  when  they  are  investigated  at 
the  basic  circuit  element  level. 

The  FITS  system  enforces  no  restrictions  on  the  size, 
function  or  interfaces  required  for  the  proper  operation  of 
the  UUT.  It  may  have  both  linear  and  nonlinear 
characteristics.  If  the  user  wishes,  the  environmental 


1 
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\ ; 

i 

I dependencies  such  as  radiation  and  temperature  may  be 

1 

I included.  The  circuit  is  described  to  the  FITS  system  as  if 

it  is  being  described  for  analysis  by  a CANA  program.  The 

power  supplies  may  be  specified  as  the  initial  conditions  to 
find  the  nominal  quiescent  operating  conditions.  If  the 
circuit  has  more  than  one  nominal  operating  mode  (involving 
different  states  of  thermal  switches,  mechanical  switches, 
push-buttons,  etc),  each  one  of  these  conditions  needs  to  be 
* described  as  a different  initial  state  of  the  circuit.  If 

, there  are  memory  states,  these  states  need  to  be  described 

as  separate  initial  states. 

FITS  is  primarily  intended  for  diagnosing  analog 
circuits  which  use  only  discrete  components.  If  the  circuit 
includes  complex  devices  such  as  operational  amplifiers, 
they  need  to  be  modelled  in  terms  of  basic  circuit 
components  or  as  functional  convolutions.  This  imposes  no 
restrictions  on  the  circuit  types,  since  such  devices  must 
be  described  to  a circuit  analysis  program  in  this  manner 
anyway. 

The  nominal  circuit  is  expected  to  be  described  in 
terms  of  the  nominal  component  values  with  their  tolerances 
as  specified  in  the  manufacturer's  specification  lists.  The 
component  tolerances  may  be  assigned  wider  tolerances  to 
accommodate  less  stringent  performance  as  desired  by  the 
designer  (see  Section  5.5). 


5.2  Types  of  Failures 

The  malfunction  of  a UUT  due  to  chanqes  in  component 
properties  is  a failure  by  definition.  The  state  the  UUT  is 
in  when  it  has  a failure  is  called  a failure  mode.  In  this 
work,  the  failures  which  are  of  primary  concern  are  single 
catastrophic  failures  of  individual  circuit  components. 
Composite  failures  which  are  defined  by  the  failures  of 
several  components  are  less  likely  to  happen  than  single 
catastrophic  failures,  so  composite  failures  are  not 
emphasized  in  this  work.  Open  or  short  resistors, 
capacitors,  inductors  and  diodes  are  generally  considered  to 
be  catastrophic  failures.  Similarly,  open  or  short 
terminals  of  other  semiconductor  devices  are  catastrophic 
failures.  For  example,  shorted  collector-emitter  junction 
of  bipolar  transistors  is  a common  failure.  Since  any 
circuit  response  may  be  a symptom  of  a failure  by 
definition,  any  component  value  may  be  the  reason  of  a 
failure.  Thus,  20%  degradation  of  the  dc-gain 
characteristic  of  a transistor  may  be  defined  to  be  a 
failure.  These  failures  are  modelled  as  component  value 
changes  or  topological  changes  in  the  circuit  diagram.  A 
failure  is  assumed  to  be  stable  (fixed)  throughout  the 
testing  time. 

The  FITS  system  presumes  that  all  failure  modes  which 
the  UUT  may  have  are  well  defined  and  adequately  described 
to  the  system  in  the  failure  dictionary.  Each  failure  mode 
exhibits  a different  state  of  the  UUT  operation.  The 


nominal  operating  mode  is  treated  just  as  another  state  of 
the  UUT.  By  definition  the  nominal  mode  is  the  failure 


f 


number  1 (F^  ), 

Even  though  the  system  was  developed  for  detecting  and 
isolating  single  failures,  it  may  readily  be  extended  to 
include  multiple  or  induced  failure  modes  of  the  UUT,  This 
is  done  by  describing  these  composite  failures  as  changes  to 
the  nominal  circuit  and  giving  an  identification  name  to  the 
failure  mode. 

All  failure  modes  are  assumed  to  be  equally  likely  to 
occur.  More  prominent  failures  may  optionally  be  assigned  a 
relative  frequency  index  which  is  passed  to  the  bottom  part 
of  NOPAL  as  a parameter  to  influence  the  execution  sequence 
of  the  tests  generated. 

The  basic  failure  functions  of  electronic  components  are 
unified  under  a general  theory  [ 87  ] , It  is  necessary  to 
develop  the  failure  functions  of  components  from  published 
data  or  after  performing  experiments  to  determine  the 
failure  mechanisms  in  relation  to  the  area  of  interest. 

A large  amount  of  information  is  available  from  general 
reliability  analysis  to  define  and  calculate  the  failure 
rate  indices  for  component  failures.  Failure  rates  of 
elements  and  the  mean — time — between— failures  (MTBF)  are 
useful  concepts  in  determining  what  to  include  in  the 
failure  dictionary.  Certain  types  of  failures,  such  as  a 
resistor  failing  by  shorting  or  capacitor  by  open  circuit. 


are  unlikely  to  happen.  They  are  evidenced  from  the  data 
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available  from  reliability  analysis.  Similarly,  it  is 
observed  that  the  failure  rates  of  certain  components  are 
higher  than  others.  For  example,  transistors  fail  more 
frequently  than  resistors. 

The  books  "Probabilistic  Reliability"  by  Shooman  [ 87  ] 
and  "Fundamentals  of  Reliability  Theory"  by  Polovko  ( 88  } 
contain  several  chapters  relating  to  component  failures  and 
reliability  calculations.  They  both  contain  interpretations 
of  the  failure  rate  data  available  in  "Reliability  Stress 
and  Failure  Rate  Data"  (MIL-HDBK-217 , 217A  and  217B)  [ 891 
and  "Failure  Rate  Data  Book  - FARADA"  { 90  1 . They  include 
information  on  the  total  number  of  tests,  number  of 
failures,  source  of  the  data  and  the  environment.  It  is 
recommended  that  users  of  the  FITS  system  who  are  intending 
to  use  the  failure  definition  option  familiarize  themselves 
with  the  concepts  presented  in  these  references. 

A short  summary  of  the  failure  functions  found  in  analog 
circuits  is  presented  here  for  uniformity.  Generally, 
failures  of  circuits  are  due  either  to  chance  failures  or  to 
wear-out  failures  of  individual  components.  The  wear-out 
failures  are  caused  by  gradual  changes  in  component 
characteristic  with  time,  such  as  drift  in  value  of 
resistance.  The  chance  failures  are  observed  as 
catastrophic  failures  such  as  open  or  short  circuits.  The 
wear-out  failures  are  observed  as  degradation  of 
performance. 

The  chance  failures  are  characterized  by  reliability  R 


which  is  exponentially  related  to  the  failure  rate  > and  to 
the  operating  time  t ( 0<t<^«o)  by: 

R.  (t)  = 


The  wear-out  failures  are  characterized  by  the  drift  of 
oarameters  beyond  admissible  limits.  The  wear-out  failures 
follow  the  normal  distribution  law: 


R.(t)  = 


I 


- ( ■t-K)  V2.tr*- 


^ 'firr 

, 5"  is  standard  deviation  and  jx  is  a 


where  -‘»«<t<  + « 
constant. 

Statistical  data  indicate  that  nearly  50%  of  the  total 
number  of  components  in  analog  circuits  (whether  they  are 
transistor  dominant,  discrete  device  or  otherwise)  are 
resistors  (91  ].  Even  though  resistors  are  among  the  most 
reliable  components,  due  to  the  large  number  of  occurrences 
a circuit  may  fail  due  to  failures  in  resistors.  More  than 
55%  of  the  failures  in  resistors  are  due  to  various  open 
circuits,  and  35-40%  are  specifically  due  to  the  burn-out  of 
the  conducting  material.  Hence  90-95%  of  the  failures 
result  in  open  circuits.  Only  about  5%  of  the  failures  are 
due  to  sharp  decrease  of  resistance  (shorting)  [ 88  ] . 
Resistor  failures  may  further  be  identified  for 
semiconductor,  carbon,  wire-wound  or  composition  type 
materials  and  according  to  MTBF  depending  on  the  loading 
factor,  ambient  temperature,  humidity  and  the  frequency  of 
the  applied  voltage.  These  details  are  not  further 
described  for  they  are  beyond  the  scope  of  this  discussion. 
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About  27-33%  of  the  components  in  transistor-IC  and 
discrete  device  circuits  are  capacitors  [91],  Capacitors 
are  also  among  the  reliable  components.  About  80%  of 
capacitor  failures  are  due  to  the  puncture  or  the  dielectric 
and  flash-over  (surface  discharge)  in  the  insulation  between 
plates.  The  failures  which  are  due  to  a nonpermissable 
decrease  of  insulation  resistance  amount  to  about  5%  of  all 
failures.  Open  capacitor  failures  amount  to  about  15%  of 
the  total  failures  [88],  As  for  resistors,  the  MTBF  of 
capacitors  depends  on  the  loading  factor,  ambient 

temperature,  humidity  and  the  frequency  of  the  applied 
voltage . 

Transformers,  chokes  and  coils  may  fail  in  modes  of:  open 
circuit  in  the  winding,  interwinding  shorts,  puncture  to  the 
case,  and  change  of  fundamental  parameters. 

Relays  and  switches  are  among  the  least  reliable 
components  because  of  the  mechanical  motion  involved.  They 
fail  by  the  sticking  of  contacts  and  by  failures  similar  to 
inductive  elements. 

A diode  may  fail  in  two  modes;  open  or  short  circuit. 
When  shorted  it  behaves  as  a very  low  resistance,  and  when 
open  it  behaves  as  infinite  resistance  in  both  directions. 

A bipolar  transistor  may  operate  in  three  regions 
saturation,  normal  and  cutoff  regions.  There  may  be 
different  modes  of  failure  in  each  region.  If  the 
transistor  never  operates  in  that  region,  the  failure  may 
not  effect  circuit  performance  at  all.  It  has  been  reported 


IL 
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that  bipolar  transistors  may  have  about  30  possible  failures 
due  to  almost  200  failure  mechanisms  ( 92  1 . Common  types 

of  failures  are  shorts  between  the  junctions  and  open  of 
junction  terminals  (93  ] . High  level  of  noise  generation 

is  also  a common  failure. 

5.3  Test  Setup 

In  this  work  a test  setup  refers  to  the  configuration  of 
connecting  test  devices  to  a UUT.  Test  devices  of  a test 
:i  setup  may  be  composed  of  one  or  more  stimulus  devices  and  a 

measurement  device  connected  to  the  UUT  at  its  available 
test  terminals  (see  Figure  5.1).  A stimulus  device  is 
effectively  a function  which  influences  the  UUT  in  any 
fashion.  These  devices  may  be  power  supplies,  loads, 
heating  or  cooling  mechanisms,  etc.  A measurement  device  is 
effectively  a function  which  quantifies  the  response  of  the 
UUT  to  a stimulus.  It  may  be  a physical  quantity  or  a 
derived  quantity.  For  example,  the  measurement  of  the  gain 
of  an  amplifier  is  performed  by  calculating  the  ratio  of  the 
output  power  to  the  input  power.  A measurement  taken  by  a 
measurement  device  is  a single  number.  The  measurement  of  a 
UUT  response  due  to  a stimulus  at  given  test  terminals  is 
simply  called  a test . When  a test  is  named,  the  stimulus 
and  measurement  devices  as  well  as  their  connection 

terminals  are  specified.  When  a measurement  name  is 
referenced,  the  stimulus  associated  with  the  measurement  can 
be  found  in  the  test  identification. 
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5.4  Assumptions 


A list  of 

the 

assumptions  made  in  this 

work  are 

given 

below. 

1.  The  circuit 

diagram  of  the  electronic 

analog  circuit 

(UUT)  and 

the  failures  under  consideration  can  be 

described 

by 

topology  and  component  values  to  a 

CANA 

system  for 

computer  simulation. 

2.  Accuracy 

in 

modelling  for  simulation 

is  provided 

and 

verified 

by 

the  user.  Applicability 

of  the 

tests 

generated 

by 

FITS  is  possible  only 

through 

this 

provision. 

3.  All  power  supplies  of  the  UUT  are  external  to  the 
circuit  and, , their  connection  terminals  are  accessible 
for  ATE  interfaces. 

4.  In  addition  to  the  ground  terminal,  the  UUT  has  at  least 
one  test  terminal. 

5.  All  possible  failure  modes  of  the  UUT  are  defined  in  the 
failure  dictionary.  (Any  undefined  failure  mode  may  go 
undetected,  or  result  in  an  erroneous  diagnosis,  or  be 
properly  detected  and  indicated  so  to  the  user.) 

6.  A component  which  has  failed  may  overstress  other 
components;  however,  it  may  not  induce  an  additional 
failure  in  the  overstressed  comoonents  unless  the 
composite  failure  mode  is  stated  explicitly  as  a 
distinct  failure  mode  in  the  dictionary. 

7.  CANA  simulation  and  physical  testing  are  compatible. 

That  is,  the  simulated  circuit  response  can  be  measured 
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by  the  ATE  within  the  specified  measurement  tolerance. 
The  ATE  should  be  capable  of  applying  the  stimuli  and 
talcing  the  measurements  as  specified.  The  environmental 
conditions  such  as  temperature  and  humidity  levels  in 
the  ATE  environment  should  be  duplicated  as  specified  to 
the  simulation  program. 

8.  The  UUT  does  not  have  an  oscillatory  response  when  it 
has  one  of  the  possible  failure  modes  listed  in  the 
failure  dictionary. 

9.  The  failure  of  a UUT  is  fixed;  that  is,  the  UUT  with  a 
failure  does  not  change  its  properties  while  the  testing 
is  in  progress.  The  UUT  response  and  the  definition  of 
the  failure  are  time  invariant. 

5.5  Measurements  to  Detect  Symptoms  of  Failure 

All  measurable  quantities  have  uncertainties.  Because 
of  the  varying  tolerances  of  the  components  used  in  building 
electronic  circuits,  no  two  units  have  identical  properties. 
Even  if  they  have,  the  measurements  made  on  them  may  be 
slightly  different  because  of  the  measurement  device 
inaccuracy.  Tolerance  analysis  is  an  involved  research 
area.  A discussion  of  related  topics  can  be  found  in 
"Computer  Aided  Network  Design"  by  Calahan  [ 94  ] and  in  the 
April  1971  issue  of  the  Bell  System  Technical  Jounal  [95  ). 

During  the  design  stage  of  circuits,  great  attention 
is  paid  to  restrict  the  tolerances  on  the  components  such 
that  any  unit  built  using  off-the-shelf  components  will 


perform  within  specifications.  Usually  there 


are  three 


types  of  tolerance  distributions  of  the  electronic 
components  available  from  manufacturers.  They  are 
characterized  by  normal , bimodal  and  uniform  distributions 
as  illustrated  in  Figure  5.2,  The  components  with  normal 
distribution  of  tolerance  are  most  widely  used  in  commercial 
applications.  If  the  components  have  narrow  tolerance 
limit,  the  distribution  of  their  values  approaches  uniform 
distribution  over  the  tolerance  band.  If  the  uniformly 
distributed  components  are  removed  from  a normal 
distribution,  the  remainder  exhibits  a bimodal  distribution. 
Uniform  distribution  is  generally  used  in  high  precision 
equipment  and  bimodal  distribution  is  used  in  lower  quality 
products. 

The  effect  of  using  comoonents  with  values  different 
from  the  nominal  results  in  UUT  response  which  varies  over  a 
range  of  values  for  different  UUTs,  The  central  limit 
theorem  ( 96  ] shows  that  when  there  are  a large  number  of 
independent  variables,  normal  distribution  is  approached 
even  when  each  variable  is  not  normally  distributed.  Hence 
the  net  effect  of  independent  random  variations  of  component 
values  may  be  assumed  to  be  normally  distributed  for  all 
measurements  made  at  the  test  terminals  of  a UUT,  This 
assumption  may  not  always  be  valid,  however  it  is  observed 
that  the  majority  of  electronic  circuits  are  characterized 
by  this  property. 
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Figure  5.2  Component  Tolerance  Distributions 
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5,5,1  Test  Limits  Specification 

Component  tolerances,  test  equipment  stimulus  and 
measurement  inaccuracy  have  great  significance  on  the 
statement  of  UUT's  measured  parameter  tolerance  limits. 
Figure  5,3  represents  the  expected  range  of  measurements  of 
parameter  of  a UUT,  Systematic  error  in  the  ATE 
measurement  device  produces  a range  of  uncertainty  about  any 
measured  value.  Therefore,  a measurement  which  is  slighty 
outside  the  indicated  tolerance  limits  for  a particular 
parameter  measurement  instance  could  possibly  represent  a 
true  failure  or  tolerance  build-up  from  acceotable 
tolerance.  Similarly,  a parameter  value  can  actually  be 
outside  the  tolerance  limits  and  still  measure  within 
tolerance  t 97,98  ),  These  errors  are  called  Type  I and 
Type  II  errors^  respectively. 

Test  limits  can  be  adjusted  at  either  extreme  so  that  no 
acceptable  performance  is  rejected,  or  no  marginally 
out-of-tolerance  performance  is  accepted,  A third  choice  is 
to  select  the  limits  such  that  both  Type  I and  Type  II 
errors  are  simultaneously  minimixed.  During  the  course  of 
this  research,  it  was  found  that  the  third  approach  does  not 
introduce  any  significant  advantage  and  requires  the 
solution  of  a large  simultaneous  nonlinear  equations  system. 
Minimization  of  only  Type  I errors  is  widely  practiced.  So, 
this  approach  is  adopted  in  the  FITS  system  (Figure  5,4), 
The  system  can  readily  be  modified  to  minimize  Type  II 
errors, 
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Figure  5.3  Parameter  Tolerance  Limits 
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5.5,2  Calculation  of  Parameter  Limits 

In  order  to  determine  the  test  limits  for  symptoms  of 
failure,  the  following  four  techniques  can  be  employed:  (1) 
empirical  tests,  (2)  statistical  analysis,  (3)  worst-case 
analysis,  and  (4)  Monte  Carlo  techniques, 

1.  Empirical  Tests:  This  technique  is  the  most  difficult 

! and  time  consuming  to  perform.  When  a circuit  is  built 

i using  breadboard  techniques,  its  specifications  result 

I 

I in  requiring  precision  components  so  that  production 

units  match  the  breadboard  prototype.  Therefore,  when 
this  design  technique  is  used,  the  diagnostic  test 
limits  should  not  be  based  on  the  component  tolerance 
specifications.  If  the  test  limits  are  based  on  them, 
they  will  be  much  tighter  than  necessary  for  acceptable 
performance.  Establishing  test  limits  in  this  case  is 
extremely  difficult.  The  most  common  practice  is  to 
insert  the  prominent  catastrophic  failures  to  observe 
the  symptoms  of  failure. 

The  major  drawback  of  this  approach  is  its 
vulnerability  to  test  design  error  and  the  requirement 
of  specially  skilled  test  technicians  to  conduct  the 
tests.  In  the  FITS  system  such  tests  are  recommended 
for  test  design  verification  instead  of  test  design, 

2,  Statistical  Analysis  by  Sensitivity  Approach:  When  the 
tolerances  of  the  individual  components  are 

statistically  independent,  tolerances  of  components  may 
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be  added  in  root -sum-squared  manner  to  yield  the  overall 


tolerance.  Root-sum-square  (RSS)  method  enables  to 
obtain  a statistical  estimate  of  the  deviation  of  the 
parameter  (p^  ) to  be  measured  by  computing  the  square 
root  of  the  sum  of  the  squares  of  the  sensitivies 
weighted  by  the  tolerance  interval  of  each  component  for 
which  a tolerance  is  specified.  The  sensitivity  S of 
parameter  p with  respect  to  component  Cj  is  defined 
as  a partial  derivative: 


The  RSS  of  p^ 


is  obtained  by: 


where  Atolj  is  the  relative  tolerance  interval  of 
component  Cj  . 

The  RSS  value  is  closely  related  to  the  standard 
deviation  of  the  measured  oarameter.  If  the  number  of 
randomly  varying  circuit  components  is  large,  the 
distribution  of  the  measured  response  approaches  the 
normal  distribution.  Thus  the  circuit  response  can  be 
expected  to  be  measured  within  a few  RSS  values  away 
from  the  nominal. 

This  technique  is  generally  used  with  a CANA 

program  to  determine  the  sensitivity  of  the  parameter. 

The  root-sum-square  sensitivities  and  component 
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tolerances  are  used  to  predict  the  range  of  response. 
This  approach  does  not  give  a true  indication  of  the 
parameter  ranges  since  the  sensitivity  by  definition  is 
a local  behavior.  Statistical  tolerance  assignment  is 
generally  used  in  commercial  environment  where  component 
part  cost  is  a significant  design  factor.  In  military 
systems,  due  to  the  performance  requirements  and 
environmental  considerations,  component  parts  have 
tighter-than-necessary  tolerance  specifications  for 
circuit  performance.  Therefore,  it  may  be  misleading  to 
base  test  limit  selection  criteria  solely  on  component 
tolerance  specification  in  the  purchase  orders.  FITS 
provides  the  RSS  values  of  all  measurements  calculated 
to  aid  the  user  in  observing  the  effects  of  component 
tolerances. 

Detailed  description  of  this  type  of  analysis  can  be 
found  in  several  references  [ 94,99,  100,  101  ].  PCAP, 

SPICE2,  ISPICE,  IMAG-III,  EXTENDED  SCEPTRE  and  NAP2 

circuit  analysis  programs  are  capable  of  peforming 

sensitivity  analysis.  ^ 

3.  Monte  Carlo  Techniques;  This  is  essentially  a 
statistical  sampling  technique.  Component  part  values 
are  randomly  selected  between  allowable  tolerance 
bounds,  and  test  measurements  are  calculated.  The 

sample  mean  and  standard  deviation  are  taken  as 
approximations  to  the  expected  measurement  limits  [ 94, 
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‘ 102 ] . A large  number  (n>30)  of  samples  need  to  be 

analyzed  to  obtain  reliable  statistics.  This  technique 
; is  invariably  applied  with  CANA  programs.  ASTAP,  BELAC 

and  EXTENDED  SCEPTRE  are  capable  of  performing  Monte 
Carlo  analysis. 

4.  Worst-Case  Analysis;  This  technique  provides  the 

simplest  method  to  calculate  parameter  tolerances  using 
CANA  programs.  Two  approaches  are  possible:  (1)  true 
worst-case  analysis,  and  (2)  approximate  worst-case 
analysis.  In  the  true  worst-case  analysis,  component 
I values  are  varied  within  tolerance  by  small  increments 

to  detect  the  absolute  minimum  and  maximum  values  of  the 
I measured  parameter.  Approximate  worst-case  analysis 

makes  use  of  the  direction  of  the  sensitivity  at  nominal 
measurement  value  to  perturb  the  component  values  to 
their  tolerance  limits.  The  sensitivity  is  calculated 

j 

at  either  extreme  to  detect  any  sensitivity  sign  (slope) 
change  which  would  be  an  indication  that  the  calculated 
, worst-case  is  not  the  true  worst-case  (i.e.,  the  true 

worst-case  lies  somewhere  between  the  tolerance  limits). 
Even  when  the  signs  don't  change,  there  is  no  assurance 
that  the  calculated  value  is  the  true  minimum  or  maximum 
since  the  sign  may  have  changed  more  than  once  in  the 
interval  (94,103,104].  BELAC,  NAP2,  EXTENDED  SCEPTRE  and 
UCCAP  are  capable  of  performing  worst-case  analysis. 
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Any  one  of  the  above  techniques  (except  the  empirical 
test)  can  be  automated  using  a computer  to  determine  the 
limits  on  measurements.  Worst— case  analysis  is  incoroorated 
into  the  FITS  system  because  of  the  programming  convenience 
and  the  speed  in  computation.  In  most  cases  the  worst-case 
computation  takes  only  a few  (2)  more  iterations  after 
convergence  to  the  nominal  solution.  The  fast  computation 
of  network  parameter  sensitivites  and  approximate  worst-case 
are  made  possible  by  using  the  adjoint  network  of  the 
original  network  due  to  Tellegen's  theorem  f 105  ].  a 
significant  portion  of  the  solution  time  is  spent  to 
calculate  the  nominal  solution  which  takes  well  over  5 
iterations  (about  10  iterations  for  most  circuits  with 
initial  conditions  provided)  (106  ].  Approximate  worst-case 
calculation  does  not  introduce  a significant  overhead  to 

determine  the  test  limits. 

5.6  Abstraction  of  Fault  Isolation  Logic 

The  principal  idea  behind  the  fault  isolation  method 

can  be  simply  expressed  as  the  "classification"  of  failures. 

In  this  work  it  is  assumed  that  the  failures  of  the  UUT  are 

predetermined.  That  is,  before  test  design  is  initiated  the 

failures  which  the  UUT  may  have  are  known.  The  intention  is 

to  find  characteristic  symptoms  of  the  failures  so  that  the 

following  questions  can  be  answered:  (1)  Does  the  UUT  have 

any  one  of  these  predetermined  failures?  (2)  If  it  has  one, 

how  well  can  this  particular  failure  be  identified?  The 

question  of  what  happens  when  the  UUT  has  an  unknown  failure 
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is  not  directly  addressed.  But  there  is  provision  to  detect 


some  of  these  undefined  failures.  It  is  hard  to  predict 


what  the  diagnosis  will  be  when  such  a failure  is 


encountered.  Two  possible  outcomes  of  such  cases  are:  (1) 


the  tests  will  erroneously  select  a diagnosis  and  isolate 


the  unknown  failure  as  one  of  the  predetermined  failures  or 


(2)  none  of  the  diagnoses  of  the  tests  (by  conjunctions) 
will  be  selected,  indicating  that  there  is  an  unknown 


failure  in  the  UUT. 


The  measurements  made  on  a UUT  can  be  used  to  identify 


the  coordinates  (M^  : i=»l,2, 


,n)  of  an  n-dimensional 


failure  symptoms  space  (S-space).  All  failure  modes 


(Fj  : j»l,2,...Np)  of  the  UUT  result  in  a measurement  range 
(failure  symptom)  along  the  measurement  coordinates.  The 


subspaces  bound  by  the  specification  of  failure  symptoms  on 


each  coordinate  define  the  S-cubes  (see  Figure  5.5).  Some 


of  these  ranges  overlap.  The  lower  and  upper  limits  of  the 


nonoverlapping  ranges  are  called  assertion  limits.  The 


assertion  limits  along  each  coordinate  is  used  to  define 


regions  in  the  S-space.  The  space  bound  the  assertion 


limits  along  the  n coordinates  define  n-dimensional 


hypercubes  (A-cubes)  in  the  failure  symptoms  space.  The 

n 


total  number  of  possible  A-cubes  is  N.£^*Tyn^^  where  n^ 


is  the  number  of  assertions  of  measurement  . All  of  the 


S-cubes  are  contained  in  the  larger  A-cubes.  Not  all  of  the 


A-cubes  of  this  space  are  allowed.  If  an  A-cube  contains  a 


valid  S-cube/  it  defines  an  allowed  cube  A-cube . All  regions 


fa 


£ 


w 


1 5 6 


outside  the  allowed  A-cubes  constitute  forbidden  measurement 


regions . The  highest  number  of  allowable  hypercubes  is 
therefore  equal  to  the  number  of  failure  modes  Np  , In  most 
cases,  the  number  of  allowable  A-cubes  is  less  than  Np 
because  some  failure  symptoms  overlap  on  the  measurement 
coordinates.  The  A-cubes  which  do  not  contain  any  S-cube 
should  not  be  measurable  at  all.  Such  A-cubes  and  all  the 
space  outside  the  remaining  A-cubes  (forbidden  regions) 
correspond  to  inconsistent  measurements . Any  measurement 
made  in  a forbidden  region  is  due  to  either  ATE  malfunction, 
or  incorrect  CANA  modelling,  or  an  undefined  failure  mode  of 
the  UUT. 

It  is  desirable  to  transform  each  hypercube  in  the 
S-space  to  a single  point  in  another  space  to  simplify  the 
fault  diagnosis  and  isolation  orocess.  The  designation 
number  of  each  assertion  may  be  interpreted  as  the  number  of 

unit  distances  of  a region  from  an  arbitrary  origin  along 
the  measurement  coordinate.  This  coordinate  system  is 
defined  by  the  name  of  the  corresponding  diagnosis  vector  of 
the  measurement.  This  transformation  enables  the  N 
hypercubes  in  n-dimensional  measurement  space  to  be  mapped 
to  Np  points  (D-point)  in  an  n-dimensional  space.  The 
transformation  space  is  called  the  diagnosis  address  space 
(D-space)  of  the  diagnosis  vectors. 
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It  should  be  clear  that  any  S-cube  within  an  A-cube  is 
also  transformed  to  the  same  D-point  in  the  address  space. 
Each  point  in  the  D-space  is  identified  by  a unique  address 
vector . When  there  are  two  or  more  failure  modes  which  are 
mapped  to  the  same  D-point,  the  implication  is  that,  with 
the  given  failure  symptoms,  these  failures  cannot  be 
distinguished.  Furthermore,  if  the  D-point  which  is  the 
image  of  the  nominal  mode  is  also  the  image  of  a failure 
mode,  then  this  failure  mode  cannot  be  diagnosed.  Since  it 
is  impossible  to  differentiate  between  the  failure  modes 
which  map  to  the  same  point  in  the  D-space  (because  they 
have  the  same  address  vectors)  these  failures  constitute  an 
equivalent  failure  class . Equivalent  failure  classes  are 
defined  by  the  end  points  of  address  vectors  in  the  D-space. 
Figure  5.6  shows  the  address  space  transformation  of  Figure 
5.5 

Like  the  S-space,  the  D-soace  has  allowed  points  which 
are  used  to  diagnose  failures.  It  also  has  unallowed  points 
which  indicate  inconsistency  in  testing. 

The  symptom  and  address  space  interpretations  of  the 
failure  symptoms  are  presented  as  the  abstraction  of  the 
method  used  in  this  work  to  obtain  diagnosis  and  fault 
isolation  information  from  the  tests  conducted. 


I 
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5.7  A Method  for  Selecting  Efficient  Set  of  Tests 


It  is  desirable  to  eliminate  the  tests  and  outcomes  from 
a test  specification  . if  they  do  not  contribute  to  fault 
isolation.  A f igure-of-merit  called  information  gain  is 
used  for  this  purpose.  The  use  of  information  gain  as  a 
f igure-of-merit  (based  on  the  analogy  between  optimum  coding 
problem  and  diagnosis  problem)  was  proposed  by  Brule  et 
al.  [1071  . We  shall  explain  the  analogy  from  a similar 

approach. 

In  the  mathematical  model,  an  information  source  is 
associated  with  entropy  , which  is  thought  of  as  the 

average  amount  of  information  contained  in  each  symbol 
emitted  by  the  source.  Each  test  is  an  independent 
information  source.  The  symbols  emitted  by  the  source  are 
the  outcomes  of  the  corresponding  tests.  The  capacity  C of 
the  channel  is  the  amount  of  information  required  to  isolate 
all  failures.  The  information  not  getting  through  the 
channel  is  called  the  equivocation.  In  the  diagnosis 
problem,  this  is  the  remaining  ambiguity.  The  purpose  of 
the  test  selection  process  is  to  achieve  maximum  diagnostic 
resolution  using  as  few  tests  as  possible.  This  is  done  by 
finding  a number  of  sources  which  contribute  the  maximum  j 

entropy  to  the  system.  A source  provides  no  information  if 
it  does  not  increase  the  entropy  of  the  system. 

Let  N be  the  total  number  of  failures.  Assume  that  all 

failures  are  equally  likely  and  that  there  can  be  only  a 

single  failure.  Then,  the  probability  of  occurrence  of  any 
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test  is; 


The  ambiquity  before  any 
Nf 


3sl 


= - ( T3;  % lir) 


evaluated 


This  is  the  required  channel  capacity  and  the  amount  of 
information  needed  for  fault  isolation.  The  application  of 
a test  reduces  the  ambiguity  if  the  test  contains  non-zero 
information.  That  is,  the  information  gained  by  the  outcome 
of  a test  reduces  ambiguity  when  the  outcome  cannot  be 
predicted  by  other  selected  tests.  The  next  best  test  to 
select  is  the  one  which  reduces  the  ambiguity  most;  or  in 
other  words,  the  best  test  is  the  one  which  yields  the 
highest  average  information  gain: 

YV1 


d'l 


'>;3 


entropy  gain  due  to  test  Tj, 


entropy  due  to  tests  l,2,...,i 


; entropy  of  equivalence  class  j determined 
by  tests  1 , 2 , . . . , i , i+1 


is  a constant;  therefore  is  maximized  at 

maximum  :.  The  next  test  to  be  selected  is  T 


which  Tfn 

f 3 


the 

for 
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1 is  maximum.  Because  we  assumed  that  each  failure  is  equally 

■ likely,  the  probability  of  observing  equivalence  class  j is 

, where  nj  is  the  cardinality  of  the  j equivalence 
' class  determined  by  the  outcome  of  test  T^.,  j 

This  process  is  repeatedly  applied  until  the  average  | 

information  gain  is  zero  or  all  available  tests  are  used. 

The  selected  tests  can  still  be  applied  in  any  sequence.  It 
is  clear  that  if  a test  is  applied  twice,  the  information 
gained  from  the  second  application  does  not  increase  the 
entropy  of  the  system.  This  information  measure  is 
, applicable  to  tests  with  binary  or  multiple  valued  outcomes. 

I 

A result  of  information  theory  indicates  that  entrooy  is 
j maximum  when  p^=p^=...p^.  This  property  causes  the 

selection  of  tests  which  tend  to  isolate  failures  into 
equivalence  classes  containing  equal  number  of  failures. 

This  reduces  the  chances  of  making  false  diagnosis  because 
I each  class  will  tend  to  have  nearly  eaual  number  of  failures. 


i 
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CHAPTER  6 


PROGRAM  DESCRIPTION 

This  chapter  presents  a description  of  the  programs  found 
in  the  FITS  system.  The  description  is  in  sufficient  detail 
which  should  make  the  reader  confortable  enough  to  read  the 
implementation  in  FORTRAN  programming  language. 

The  system  design  is  described  in  five  sections.  They 
are:  (1)  system  initialization,  (2)  failure  simulation  and 
symptom  generation,  (3)  decision  limits  determination  and 
ambiguity  analysis,  (4)  optimization,  and  finally  (5)  NOPAL 
output  generation. 

In  the  system  initialization  section  (Figure  6.1),  the 
user  input  is  scanned  to  create  files  which  are  used  later 
by  the  system.  They  include  the  circuit  description, 
failure  dictionary,  and  the  set  of  all  applicable  tests,  A 
collection  of  statistics  relating  to  the  number  of  failure 
modes,  number  of  tests  and  number  of  computer  simulations, 
and  a rough  estimate  of  simulation  time  are  also  given. 

In  the  failure  simulation  section  (Figure  6.2),  a 
subset  of  the  applicable  tests  is  simulated  using  a circuit 
analysis  program.  Then,  the  circuit  analysis  outout  is 
scanned  to  create  the  failure  symptom  table. 

In  the  decision  limit  determination  section  (Figure 
6.4),  the  failure  symotoms  are  used  to  find  easily 

164 


I 


measurable  regions  of  operation  and  malfunction.  Then,  the  level  of  fault 
isolation  possible  by  these  decision  limits  is  evaluated.  If  the  results 
are  satisfactory,  the  optimization  process  is  initiated.  Otherwise,  simula- 
tion is  resumed  by  trying  the  next  set  of  candidate  tests. 

In  the  optimization  section  (Figure  6.5),  a minimal  number  of  test  set- 
ups are  selected,  and  the  redundant  assertions  are  eliminated  without  loss  of 
fault  isolation  capability.  Only  the  necessary  assertions  to  select  a 
diagnosis  unambiguously  are  retained. 

The  last  section  (Figure  6.6)  is  related  to  the  creation  of  the  NOPAL 
table  and  the  NOPAL  specifications  in  string  language. 

6.1  System  Initialization 

The  four  programs  in  this  section  provide  a convenient  means  to  initial- 
ize the  FITS  system.  They  relate  to  user  input  processing,  failure  dictionary 
generation,  printing  of  the  failure  dictionary,  and  generation  of  candidate 
tests  libraries  (Figure  6.1). 

All  system  data  files  to  be  generated  from  the  user's  input  are  created 
as  sequential  files  on  the  system  storage  devices.  The  purpose  of  this 
organization  is  to  provide  an  external  data  base  so  that  the  user  can  tailor 
the  system  initialization  for  nonstandard  usage.  The  more  important  files 
such  as  the  failure  dictionary  are  immediately  printed.  Other  files  may  be 
printed  on  request.  The  user  can  make  changes,  additions,  or  deletions  to 
these  files  either  by  rerunning  the  initialization  program  or  by  using  the 
computer  system's  "editor"  program. 
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Program  Name;  INITIALIZE 


Purpose ; The  program  reads  the  user  input  from  a single 
source  and  initializes  each  input  section  in  a 
separate  file. 


Input ; 1.  (DSET05)  User  input 


Output;  2. 

2. 

3. 

4. 

5. 

6. 


(DSETIO) 

(DSETll) 

(DSET12) 

(DSET13) 

(DSET14) 

(DSET15) 


Circuit  description 
Initial  conditions 
Test  terminals 

Failure  dictionary  additions 

Objectives 

Accuracy 


Data  Structures;  Free  format  user  input  (see  Appendix  A)  ; 

All  input  and  output  records  are  80  characters 
long.  The  output  records  are  exact  duplicates  of 
the  input  records. 


Algorithm; 

Step  1.  Read  (DSET05)  and  copy  each  input  section  to  its 
own  data  set; 

Step  2,  For  the  input  sections  which  are  not  specified 
generate  the  section  identifier  record  and  close 
all  data  sets; 

Step  3.  (End  of  program]  Stop; 
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Program  Name;  GENERATE  DICTIONARY 


Puroose : 


The  program 
generates  a 
catastrophic 
terminals  ar 
default  test 


reads  the  ci 
failure  diet 
failures  of 
e specified,  i 
terminals . 


rcuit  description 
ionaty  containing 
the  UUT.  If  no 
t also  generates 


and 

the 

test 

the 


Incut:  1. 

2. 


(DSETIO)  Circuit  description 
(DSET12)  Test  terminals 


Outout:  1, 

2. 


(DSET12)  Test  terminals 
(DSET17)  Failure  dictionary 


Data  Structures: 

(DSET17)  Failure  dictionary,  see  Table  6.1. 


Algorithm: 

Step  1:  Write  (DSET17)  identification  section; 

Step  2:  Read  (DSETIO)  a record  from  the  circuit 

description  file;  if  end-of-file  then  go  to  Steo 
5; 

Step  3:  If  it  is  a component  with  failure,  then  generate 

its  failure  definition  entries  in  DSET17; 

Step  4:  Go  to  Step  2; 

Step  5:  Close  DSET17; 

Step  6:  Read  (DSET12)  test  terminals;  if  there  are  any 

test  terminal  statements,  then  go  to  Step  9; 

Step  7:  Rewind  DSET17  and  write  (DSET12)  all  circuit  nodes 

in  the  dictionary  as  test  terminals; 

Step  9:  (End  of  program]  Stoo; 
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TABLE  6.1  DATA  FIELDS  IN  FAILURE  DICTIONARY 


+ + 

£ I COLUMN  RANGE  | 

ID.  I 1-4 


COMPONENT 

NAME 


5-16 


FAILURE 

FUNCTION 


17-20 


NODES 


21-32 


CHANGE 


33-36 


TYPE 


37-40 


PARAMETER 


41-52 


VALUE 


53-64 


ALIAS 


65-76 


INDEX 


82-83 


DATA  TYPE 

.aaaaaaaaa 

integer 

(14) 


alphanum 

(3A4) 


integer 

(14) 


integer 

(314) 


integer 

(14) 


integer 

(14) 


alphanum 

(3A4) 


alphanum 

(3A4) 

alohanum 

(3A4) 


inteqer 

(12) 


4— — _______ _______ 

1 DESCRIPTION 

I Failure  mode  sequence 
I number 

-- 

I Name  of  the  component 
I as  it  appears  in  the 
I circuit  description 

4 

I Name  of  the  failure 
I function  of  the 

I failure  of  the 

I component 

_________ 

I Identifies  the 

I incidence  of  the 

I component  on  the 

I circuit  nodes 

4 

I Describes  the  chance 
I in  the  nominal  circuit 
I due  to  the  failure 

4 

I For  simple  failures 

I identifies  the  new 

I component  type. 

I Otherwise  describes 
I where  the  definition 
I is  to  be  found. 


I Value  of  the  new 
I component  or 

I subcircuit  library 

I member  name 

4____ 

I Value  of  the  component 
1 in  the  nominal  circuit 


I Alternate  failure 
1 function  name.  This 
I name  is  passed  to  the 
1 bottom  part. 

4 — . - 

1 Failure  rate  index  is 
I not  currently 

I supported  by  FITS.  If 
I supplied,  it  is  oassed 
I on  to  the  bottom  part. 


169 


Proqram  Name;  PRINT  DICTIONARY 


-.-a, 


Purpose ; The  proqram  reads  the  failure  dictionary  and 
prints  a user  oriented  tabular  form  of  the 
internal  representation. 

Input t 1.  (DSET17)  Failure  dictionary 

Output ; 1.  (DSET06)  Printer  output 
2.  (DSET50)  Work  file 

Alqorithm; 

Step  1;  Print  failure  dictionary  identification; 


Step 

2: 

Read  (DSET17)  a failure 

end-of-file,  then  qo  to  Step  6; 

definition ; 

if 

Step 

3: 

Convert  internal  representation 
external  representation; 

of 

symbols 

to 

Step 

4 ; 

Print  the  external  representation 
definition; 

of 

the  failure 

Step 

5; 

Go  to  Step  2; 

Step 

6: 

(End  of  proqram]  Stop; 

I 


Program  Name;  TEST  GENERATOR 

Purpose ; The  program  generates  all  candidate  tests  as 
partially  specified  NOPAL  test  modules  and  as 
complete  NAP2  input. 

Input ; 1.  (DSET05)  Strategy  control 

2.  (DSETIO)  Circuit  description 

3.  (DSETll)  Initial  conditions 

4.  (DSET12)  Test  terminals 

5.  (DSET13)  Failure  dictionary  additions 

6.  (DSET17)  Failure  dictionary 

Output : 1.  (DSET06)  Printer  output  (error  messages) 

2.  (DSET18)  NAP2  candidate  tests  library 

3.  (DSET19)  NOPAL  candidate  tests  library 

4.  (DSET50)  Work  file 

Data  Structures:  (DSET05)  Strategy  control,  see  Table  6.2 

(DSET18)  80-byte  records  written  in  NAP2 
input  language. 

(DSET19)  80-byte  records  written  in  NOPAL 
language. 


Algorithm 

• 

• 

Step 

1. 

Write  (DSBT18)  NAP2  candidate  tests 

identification; 

library 

Step 

2. 

Write  (DSET19)  NOPAL  candidate  tests 

identification ; 

library 

Step 

3. 

Read  (DSET05)  test  generator  control  options; 

Step 

4. 

Read  (DSET12)  test  terminals; 

Step 

5. 

Read  (DSET17)  failure  dictionary; 

Step 

6. 

If  cold  circuit  strategy  tests  are  desired,  then 
call  subprogram  CCTEST; 

Step 

7. 

If  direct  current  and  user  defined  strategy  tests 
are  desired,  then  call  subprogram  DCTEST; 

Step 

8. 

Close  files  DSET18  and  0SET19; 

Step 

9. 

Print  types  of  strategies  used,  number 
generated,  and  expected  simulation  time; 

of  tests 

Step 

10. 

(Test  generation  comoletedl  Stop; 

TABLE  6.2  TEST  STRATEGY  CONTROL  OPTIONS 


+ + 

DEFAULT 

0 


NAME 

STRTGY 


COLUMN 

RANGE 


DESCRIPTION 


0 — CC,  DC  and  UD  strategy 

tests 

1 — CC  strategy  tests  only 

2 — DC  and  UD  strategy  tests 


OUTPUT 


0 — both  NAP2  and  NOPAL 

1 — NAP2  only 

2 — NOPAL  only 


ONLY 


3-6 


<N  > 


<N  > number  of  failures  to  be 
simulated.  If  <N  >=1,  then  only 
the  nominal  circuit  description 
is  in  simulations. 


SEQTM 


7-10 


last  test  module  seouence  number 


SEQSTM 


11-14 


last  stimulus  sequence  number 


SEQMSR  I 15-18  | 0 

+ + 


last  measurement  sequence  number 


Subprogram  Name;  CCTEST 

Purpose ; This  subproaram  generates  only  the  cold  circuit 
strategy  tests  in  NAP2  and  NOPAL  languages  Cold 
circuit  tests  apply  a small  current  source  shunted 
by  a small  conductance  across  all  pairwise 
combinations  of  test  terminals.  The  worst-case 
voltage  measurement  across  the  test  terminals 
where  the  current  source  is  applied  is  used  to 
estimate  the  dc-impedence  of  the  UUT  between  these 
terminals.  Because  the  magnitude  of  the  apolied 
current  is  extremely  small  it  is  not  aonlied  at 
reversed  polarity. 


Algorithm; 
Step  1. 

Step  2. 

Step  3. 


For  all  combinations  of  test  terminals  taken  two 
at  a time  do  Steps  2 through  3; 


Call  subprogram  CCNOPL  to  write  the 
specification  in  NOPAL; 


test 


Call  subprogram  CCNAP2  for 
the  failure  dictionary  to 
statements  to  simulate  the 
ohmmeter ; 


each  failure  node  in 
generate  the  NAP2 
application  of  an 


Step  4, 


Return  to  main  program; 


Subprogram  Name;  DCTEST 


Purpose ; The  program  generates  the  direct  current  and  user 
defined  tests  in  NAP2  and  NOPAL  languages.  In  the 
DC  test  strategy  instructions  are  written  to 
connect  the  power  supplies  of  the  UUT,  Then 
instructions  are  generated  to  calculate  the 
currents  through  the  voltage  sources,  the  voltages 
across  the  current  sources  and  the  voltage  level 
at  the  remaining  test  terminals.  If  there  are  any 
user  defined  test  strategies  they  are  also 
processed.  If  there  are  any  conditions  which  the 
user  wants  to  be  calculated  to  check  for 

overstressing,  they  too  may  be  requested  for 
output.  However,  these  results  are  ignored  by  the 
FITS  programs. 

Algorithm; 


Step 

1. 

Input  (DSE'i’ll)  an  initial  condition;  if 

end-of-file,  then  return  to  main  program; 

Step 

2. 

If  the  initial  condition  involves  a user  defined 
strategy,  then  go  to  Step  8; 

Step 

3. 

(DC  strategy]  For  all  power  supplies  of  the 
circuit,  do  Step  4; 

Step 

4. 

If  the  power  supply  is  a voltage  source,  then 
measure  the  current  through  the  voltage  suoply; 

4.1 

Call  subprogram  DCNOPL  to  write  the  test 

specification  in  NOPAL; 

4.2 

Call  subprogram  DCTYPl  to  write  the  test 
soecif ications  for  each  failure  definition  in  the 
dictionary; 

Step 

5. 

If  the  power  suoply  is  a current  source,  then 
measure  the  voltage  across  the  connecting 
terminals;  call  suborograms  DCNOPL  and  DCTyP2; 

Step 

6. 

For  all  test  terminals  which  are  not  incident  on 
oower  supolies,  measure  the  voltage  across  the 
test  terminal  and  ground;  call  suborograms  DCNOPL 
and  DCTYP3; 

Step 

7. 

Go  to  Step  1; 

Step 

3. 

Separate  the  NAP2  and  NOPAL  statements  and  write 
them  into  their  files;  reoeat  the  test  for  each 
failure  in  the  dictionary; 

Step 

9. 

(Start  with  a new  initial  condition]  Go  to  Steo  1; 
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6.2  Failure  Simulation  and  Symptom  Generation 

The  inout  preoared  by  the  candidate  tests  program  is 
analyzed  by  the  NAP2  circuit  analysis  program.  The  design 
of  this  stage  treats  the  CANA  system  as  a black  box  and  uses 
it  without  any  internal  changes  of  the  source  code.  In 
spite  of  the  fact  that  time  and  memory  may  be  saved  by  a 
special  purpose  CANA  package  for  FITS,  it  was  chosen  to 
incorporate  NAP2  as  it  is  available  to  any  other  user. 
Hence,  improvements  made  to  the  NAP2  program  can  be  used 
without  necessitating  changes  in  the  FITS  system.  As  a 
matter  of  fact,  NAP2  may  be  replaced  altogether  by  another 
CANA  package  after  properly  modifying  the  syntactical 
portions  of  the  candidate  tests  generator  program  and  the 
failure  symptom  generator  program.  No  changes  in  the 
remaining  programs  of  the  FITS  system  would  be  necessary. 

The  second  program  searches  through  the  simulation  output 
and  creates  the  failure  symptom  program  (See  Figure  6.2). 

Program  Name;  NAP2 

Purpose;  The  program  simulates  the  tests  for  the  nominal 
and  the  failed  UUT  to  determine  the  failure 
symptoms  at  the  indicatf»d  test  terminals. 

Input ; 1.  (DSET05)  NAP2  candidate  tests  library 

Output;  2.  (DSET06)  NAP2  simulation  outout 

Data  Structures;  (DSET06)  is  the  printer  output  of  NAP2. 

Each  output  record  is  132  bytes  long.  For  the 
format  of  output  records  see  the  examples  in 
Appendix  A. 
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Limit  Finder 


FiRure  6.2  Failure  Simulation  and  Symptom  Generation 


I 


Figure  6.3  shows  the  program  structure  of  the  NAP2 


circuit  analysis  program.  Here  only  a general  description 
of  the  program  is  given.  The  readers  interested  in  the 
details  of  NAP2  can  find  the  full  documentation 
in  the  user's  manual. 

Nonlinear  Analysis  Program  {NAP2)  has  the  caoability  of 
performing  steady  state,  frequency  domain  and  transient 
analyses  of  lumped  element  electronic  circuits.  The  input 
language  is  easy  to  use  and  allows  the  user  to  build  models 
and  subcircuits  which  can  be  stored  in  a library  file  for 
later  use.  It  may  be  executed  interactively  from  a comouter 
terminal.  The  program  provides  diodes,  bipolar  and  field 
effect  transistors  as  built  in  models.  Other  models  can  be 
built  according  to  the  user's  definition.  NAP2  is  well 
suited  for  stiff  and  nonlinear  systems  simulation.  The 
solution  is  based  on  a hybrid  formulation  of  network 
equations  using  snarse  matrix  techniques.  For  nonlinear 
circuits  a modified  Newton-Raohson  iteration  method  with 
damping  is  used.  In  transient  analysis  an  imolicit, 

variable-order,  variable-step  integration  scheme  is  used.  A 
constant  step  size  and/or  fixed  order  integration  may  be 

selected.  Network  sensitivities  are  computed  from  adjoint 
network  in  the  steady  state  and  frequency  domain  analysis, 
while  the  time  dependent  sensitivities  are  calculated 
directly  from  the  difference  equations  produced  by  the 
integration  formuli.  All  circuit  parameters  may  be 
functionally  dependent  on  other  parameters  or  on  the  circuit 
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responses.  General  nonlinearities  are  modelled  in  this  fashion.  Automatic 
design  is  made  possible  by  the  use  of  an  optimization  loop.  This  technique  is 
based  on  a modified  least  squares  method,  which  seems  to  behave  well  for  some 
problems . 

The  dc  analysis  provides  the  steady  state  solution.  In  this  mode  all 
capacitors  are  treated  as  open  circuits,  and  all  inductors  are  treated  as 
short  circuits.  The  solution  is  based  on  hybrid  formulation  of  the  network 
equations  which  means  that  the  primary  variables  are  the  node  voltages  and  the 
impedance  currents.  The  system  equations  are  solved  by  a sparse  matrix  LU 
decomposition.  If  the  circuit  is  nonlinear,  the  basic  Newton-Ralphson  itera- 
tion is  used.  When  the  dc  operating  point  has  been  determined,  linearized 
small-signal  models  are  produced. 

In  dc  analysis  operating  point,  linear  or  logarithmic  parameter  varia- 
tion, variable  step  parameter  variation,  large-signal  driving-point  response, 
small-signal  transfer  response,  small-signal  AC  model,  sensitivities,  optimi- 
zation, tolerance  analysis  (root-sum-square  of  weighted  sensitivities),  worst- 
case,  noise,  temperature  dependency  and  Fourier  transforms  may  be  performed. 

Network  response  in  time  domain  is  solved  by  Integrating  the  network 
differential  equations  using  an  implicit,  variable  order,  variable  step  size 
integration  scheme.  Transient  analysis  provides  a large-signal  time  response 
of  the  circuit.  Before  transient  analysis  the  initial  conditions  may  be  cal- 
culated by  the  dc  option.  The  user  may  also  input  desired  initial  conditions 
to  the  primary  variables.  In  transient  analysis,  large-signal  time  response, 
small-signal  transfer  step  response,  sensitivities,  optimization  and  Fourier 
transform  may  be  performed. 

Any  circuit  element's  value,  voltage,  current  or  power  dissipation,  any 
node  voltage  or  any  calculated  parameter  may  be  requested  for  output. 

The  program  is  coded  in  about  6500  FORTRAN  statements.  The  small  ver- 
sion (100  kilobytes)  can  analyze  circuits  with  50  nodes  and  200  branches,  and  | 

the  bigger  version  can  analyze  circuits  containing  up  to  500  nodes  and  | 


NAP2  was  developed  by  the  Northern  Europe  University 
Computing  Center  (NEUCC) , Technical  University  of  Denmark  in 
Lyngby. 


Program  Name;  FAILURE  SYMPTOM  TABLE  GENERATOR 

Purpose ; The  program  searches  the  NAP2  simulation  output 
and  extracts  only  the  data  which  is  used  by  the 
FITS  system.  The  purpose  of  this  process  is  to 
communicate  the  circuit  analysis  results  to  the 
remainder  of  the  FITS  system.  It  searches  the 

bulky  simulation  results  and  extracts  all 
significant  data  of  failure  analysis.  This 

information  is  put  into  the  failure  symotom  table. 
If  during  the  search  process  "NO  CONVERGENCE" 
messages  are  detected  they  are  printed  separately 
with  proper  identification.  The  user  is  then 
expected  to  remove  these  conditions  by  providing 
better  initial  conditions  to  restart  the 
Newton-Ralohson  iteration. 

Input t 1,  (DSET20)  NAP2  simulation  output 

Output ; 1.  (DSET06)  Printer  output  (convergence 

problems ) 

2.  (DSET21)  Failure  symptom  table 

Data  Structures;  (DSET21)  See  Table  6,3 


Algorithm; 


Step  1.  Read  (DSET20)  .the  next  run  identification;  if 
end-of-file  then  stop; 

Step  2,  Find  the  nominal,  minimum  and  maximum  worst-case 
measurements  and  sensitivity  values; 


Step  3.  Write  the  record  on  0SET21; 

Step  4,  If  'NO  CONVERGENCE'  message  is  found,  then  display 
the  run  identification  on  the  printer; 


Step  5,  (Process  the  next  failure  symptom)  Go  to  Step  1; 
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TABLE 

6.3  DATA 

FIELDS  IN  THE  FAILURE  SYMPTOM  TABLE 

1 

X 

NAME 

i 

1 

COLUMN  RANGE  1 

DESCRIPTION 

STIM 

2-5 

1 

stimulus  sequence  number 

MEAS 

1 

6-9 

1 

_ X 

measurement  sequence  number 

FAULT 

1 

10-13 

•"•  — T 

1 

X 

failure  sequence  number 

NAME 

1 

1 

17-28 

1 

1 

— X. 

target  variable  name  (identifies  the 
measurements ) 

NOM 

1 

29-42 

1 

nominal  measurement 

MIN 

j 

45-58 

1 

X. 

minim.ura  worst-case  measurement 

MAX 

1 

61-73 

1 

X 

maximum  worst-case  measurement 

SNOM 

1 

1 

76-88 

1 

1 

X. 

root  sum  square  (RSS)  sensitivity  of 
nominal  measurement 

SMIN 

i 

1 

89-101 

1 

1 

X, 

RSS  sensitivity  of  minimium  worst- 
case  measurement 

SMAX 

1 

102-114 

1 

RSS  sensitivity  of  maximum  worst-case 

measurement 


4 + 


6.3  Decision  Limits  Determination  and  Ambiguity  Analysis 

The  first  orogram  in  this  section  reads  the  failure 
symptom  table  and  generates  the  assertions  from  each  test 
while  taking  the  measurement  inaccuracy  into  consideration. 

In  order  to  evaluate  the  level  of  fault  isolation 
achieved  with  the  information  accumulated  up  to  this  stage, 
a simple  ambiguity  analysis  is  performed.  The  results  of 
ambiguity  analysis  are  compared  to  the  test  objectives  set 
forth  by  the  user  (see  Figure  6.4).  If  the  fault  isolation 
objectives  are  not  satisfactory  some  more  of  the  tests  are 
simulated  and  evaluated  similarly.  If  the  objectives  are 
satisfied,  then  the  optimization  process  is  started. 
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Program  Name:  DECISION  LIMIT  FINDER 


Purpose t The  program  generates  the  assertion  limits  and 
decoder  matrix  from  the  failuj'e  symptom  table. 

Input : 1.  (DSET15)  Accuracy 

2,  (DSET17)  Failure  Dictionary 

3.  (DSET21)  Failure  symptom  table 

Output t 1.  (DSET06)  Printer  outout  (error  messages) 

2.  (DSET22)  Assertion  limit  and  binary 
valued  decoder  table 

3.  {DSET23)  Test  limit  and  multiple 
valued  decoder  table 

4.  {DSET24)  Decoder  matrix 

Data  Structures: 

1.  (DSET22)  see  Table  6.4 

2.  (DSET23)  see  Table  6.5 

3.  {DSET24)  same  as  DSET22  or  DSET23  deoendinq  on 
the  sort  strateqy. 

Algorithm: 

Step  1,  (identify  output  files)  Write  the  identification 
sections  of  DSETs  22,  23  and  24; 

Step  2.  [inout  accuracy  control  ootions]  Read  from  DSET15 
ZDSCRM,  ACRCY,  NSIGD,  ISORT,  lOPTM  and  IMSNG; 

Step  3.  [input  the  failure  symotoms  from  a test)  Read  from 
DSET21  all  the  failure  symotoms  that  belong  to  the 
same  test;  if  end-of-file,  then  go  to  Step  11; 

Steo  4.  (adjust  for  inaccuracy)  For  each  failure  symotom 
Sj  do  Steps  4.1  through  4.5: 

4.1  If  abs (min (S j ) ) <ZRDSCRM , then  min(Sj)'^  0; 

4.2  If  abs  (max  (Sj)  XZDSCRM,  then 

max  (Sj).*—  sign  (max  (Sj)  *ZDSCRM; 

4.3  (decrease  the  lower  limit  by  scale  inaccuracy) 

min  (S  j ) siqn(min(Sj)*abs(min(Sj))*(  1-ACRCY/lOO)  ; 

4.4  (increase  the  upper  limit  by  scale  inaccuracy) 

max (S j ) sign  (max (S 7 ) *abs (max (Sj ) ) * ( 1+ACRCY/lOO ) ; 

4.5  (retain  significant  digits)  Round  uo  upper  limit 
to  NSIGD,  and  round  down  lower  limit  to  NSIGD; 

Step  5.  (process  missing  failure  symotoms) 

5.1  Read  in  the  CHANGE  ootions  from  the  failure 


is: 


5.2  Delete  the  failure  symotoms  which  have  beer, 
declared  "delete"  in  the  chanae  options; 


5.3  Duplicate  the  syriptoms  of  failures  which  are 
declared  to  be  same  as  another  failure; 

5.4  Cooy  the  symptoms  of  the  failure  sequence  number 
IMSNG  into  the  missinq  failure  symptoms; 


} 


Step  6.  [create  assertions]  Find  the  nonover lapoing  ranges 
of  measurements  and  identify  the  failures  which 
fall  into  these  ranges; 

Step  7.  [create  binary  valued  decoder  matrix]  Create  a row 
for  each  assertion  in  the  BVDM  where  the  columns 
are  labelled  by  failure  seauence  numbers:  out  1 
under  the  column  of  a failure  which  has  its  syinjitom 
in  the  range  of  this  assertion,  otherwise  put  0; 

Step  8.  [create  multiple  valued  decoder  vector]  For  the 
current  test  create  the  MVDV  by  placing  the 
designation  number  of  the  assertion  in  the  column 
of  the  failure  which  has  its  symptom  in  that 
assertion  range; 

Step  9.  [calculate  the  average  sensitivities  and  standard 
deviation]  For  each  assertion  and  test  calculate 
the  root  sum  square  average  and  the  standard 
deviation  of  the  sensitivities  of  the  failure 
symptoms;  output  the  result  on  DSET22  and  DSET23; 

Step  10.  [process  the  next  test]  Go  to  Step  1; 

Step  11.  [sort  assertions  and/or  tests]  If  the  sort  of 
assertions  and  tests  are  requested  sort  them  bv 
calling  the  bubble  sort  subprogram  BUBSRT 
according  to  increasing  sensitivity  order; 

Step  12.  [print]  Print  DSET22  and  DSET24; 

Step  13.  [end  of  program]  Stoo; 


r 


AD>A056  660  MOORE  SCHOOL  OF  ELECTRICAL  ENGINEERING  PHILADELPHIA  P~ETC  F/G  9/3 
AUTOMATED  TEST  DESIGN. (U) 

JUN  78  C TINA2TEPE  DAAA25-75-C-0650 

UNCLASSIFIED  77-03  ECOM-75-0650-F-2  NL 

3cf4 


TABLE  6.4  DATA  FIELDS  IN  ASSERTION  LIMIT 
. AND  BINARY  VA1,UED  DECODE. R TABLE 


I 


i 


i 


NAME  I 

SEO  I 

+ 

STIM  I 

+ 

MEAS  I 

+ 

TARGET  I 

+ 

OESIG  I 

+ 

LOWER  LIMIT  I 


UPPER  LIMIT  I 

+ 

SENSITIVITY  I 
(RSS)  I 
I 

— - — 

SENSITIVITY  I 
. (STD)  I 


COLUMN  R.ANGE  1 


1-4 

5-8 

9-12 

13-24 

25-28 

29-43 

59-73 

74-88 


+ 

I 

+ 

I 

+ 

I 

f 

I 

+ 

I 

4 

I 

+ 


89-103  I 


BVDV 


104-303 

(100*12) 


DESCRIPTION 

axacssexsassaaBscBaxssBsxssaaasssasssssaB 

row  count  of  the  assertion 


stimulus  sequence  number 


.measurement  sequence  number 


target  variable  name 


assertion  designation  number 


assertion  lower  limit 


assertion  uooer  limit 


root  sum  square  of  the  sensitivities 
of  the  failure  symptoms  found  in  this 
assertion  range 


standard  deviation  of  the  sensitivies 
of  the  failure  symptoms  found  in  this 
assertion  range 


binary  valued  diagnosis  vector 
showing  which  failures  have  their 
symptoms  in  this  assertion 
(1  indicates  in  ranqe, 

0 indicates  out  of  ranqe) 
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TABLE  6.5  DATA  FIELDS  IN  THE  TEST  LIMIT  AND 
MULTIPLE  VALUED  DECODER  TABLE 


NAME 


SEQ 


I COLUMN  RANGE  | 

4 + 

I 1-4  I 


STIM 


MEAS 


TARGET 


DESIG 


+ 

I 

+ 

I 

+ 

I 

+ 


+ 

LOWER  LIMIT  I 


— ” — +' 
UPPER  LIMIT  I 
I 

+ 

SENSITIVITY  I 
(RSS)  I 

+ 

SENSITIVITY  I 
(STD)  I 
I 

+ 

MVDV  I 


5-8 

9-12 

13-24 

25-38 


29-43 


59-73 


74-88 


89-103 


+ 

I 

+ 

I 

+ 

I 

+ 

I 

I 

+ 

I 

I 

■+ 

I 

I 

•+ 

I 

I 

■+ 


+ 

104-303  I 
(100*12)  I 


DESCRIPTION 


pointer  to  the  first  row  of  the 
assertions  that  belonq  to  this  test 
in  the  Assertion  Limit  and  Binary 
Valued  Decoder  Table 


stimulus  sequence  number 


measurement  sequence  number 


tarqet  variable  name 


total  number  of  assertions  of  this 
test 


absolute  minimum  measurement  oossible 
due  to  any  failure 


absolute  maximum  measurement  possible 
due  to  any  failure 


root  sum  square  of  the  sensitivities 
of  all  of  the  symptoms  of  failures 


standard  deviation  of  the 
sensitivities  of  all  of  the  symptoms 
of  failures 


multiple  valued  diaqnosis  vector, 
each  entry  contains  the  desiqnation 
number  of  the  assertion  which 
contains  the  symptom  of  failure 
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Program  Mame;  AMBIGUITY  ANALYSIS 

Purpose ; The  program  finds  the  faults  which  can  not  be 
distinguished  from  one  another  with  the  available 
tests.  It  produces  an  ambiguity  report  showing 
the  level  of  fault  isolation  possible  with  the 
current  decoder  matrix. 


Input;  1.  (DSET14)  Objectives 

2.  (DSET24)  Decoder  matrix 

Output;  1.  (DSET06)  Printer  output  (ambiguity  report) 

2.  (DSET25)  Ambiguity  summary 

3.  (DSET26)  Equivalence  class  vector 


Data  Structures; 

(DSET25)  Tabular  listinq 
summary^  format  free. 


of  ambiguity 


(DSET26)  100  integers  each  occupying  2 
columns  positionally  indicatino  which 
equivalence  class  a failure  belongs  to. 


Algorithm 

• 

• 

Step 

1. 

(identify  output  files]  Write 

section  of  DSET25  and  DSET26; 

identification 

Step 

2. 

[input  fault  isolation  objectives] 
from  DSET14; 

Read  objectives 

Step 

3. 

[input  MVDMJ  Read  multiple  valued 
from  DSET24f 

decoder  matrix 

Step 

4. 

[identify  distinct  address  vectors]  Call 
subprogram  LEAVES  to  determine  the  distinct 
address  vectors  and  the  corresponding  failures; 

Step 

5. 

[print  results]  Print  the  ambiguity  report  and 
summary  on  DSET06; 

Step 

6. 

[save  equivalence  class  names  vector]  Write  the 
equivalence  class  vector  on  DSET26f 

Step 

7. 

[end  of  ambiguity  analysis]  Stop; 

I 
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6.4  Ootimization  to  Minimize  Test  Lenqths 

There  are  three  programs  of  this  section  (see  Figure 
6.4).  The  first  program  "Optimize  Setup  or  Assertion" 
serves  two  purooses.  If  the  input  is  a multiple  valued 
decoder  matrix,  the  number  of  different  test  setups  is 
minimized.  However,  if  the  input  is  a binary  valued  decoder 
matrix,  then  the  number  of  assertions  is  minimized.  In  case 
the  multiple  valued  decoder  matrix  is  optimized,  then  the 
program  called  "Transform  Multiple  to  Binary"  must  also  be 
executed  if  the  number  of  assertions  are  to  be  optimized. 
The  third  program  called  "Optimize  Assertions  per  Diagnosis" 
must  be  executed  before  NOPAL  output  processing.  The 
optimization  process  in  this  program  may  be  omitted.  The 
input  may  be  multiple  or  binary  valued  decoder  matrix.  The 
output  is  the  diagnosis  matrix  which  is  used  in  NOPAL 
generation. 


From  • j 

Ambisult/  An«Ior*l*  ] 


Figure  6.5  Optimization  to  Minimize  Test  Length 
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Program  Name;  OPTIMIZE  SETUP  OR  ASSERTION 

Purpose ; The  orogram  finds  a subset  of  the  test  setups  or 
assertions  which  can  yield  the  same  level  of  fault 
isolation  as  the  complete  set  can. 

Input : 1.  (DSET24)  Decoder  matrix 

Output ; 1.  (DSET06)  Printer  output  (entropy  evaluation) 

2,  (DSET27)  Reduced  decoder  matrix 

Data  Structure; 

DSET27  is  organized  same  as  DSET24 


Algorithm: 


Step  1. 
Step  2. 
Step  3. 

Step  4, 

Step  5, 

Step  6, 


(identify  output  file]  Write  the  identification 
section  of  DSET27; 

[inout  test  identification  and  decoder  matrix] 
Read  ID  and  DM  from  DSET24; 

[find  the  test  with  maximum  entropy]  Call 
subprogram  GENCDV  to  calculate  the  entropy  for  the 
tests  not  already  included  in  the  tree.  Include 
the  test  with  the  highest  entropy  in  the  next 
level  of  the  fault  isolation  tree; 

(termination  check]  If  all  of  the  tests  are 
included  in  the  tree  or  the  entropy  has  not 
increased  by  the  inclusion  of  the  next  then  go  to 
Step  5 else  go  to  Step  3; 

(print  summary]  Print  the  entropy  of  each 
individual  test  and  the  cumulative  entropy  at  each 
level  of  the  fault  isolation  tree; 

(end  of  program]  Stop; 


189 


I 


i 


Program  Name;  TRANSFORM  MULTIPLE  TO  BINARY 

Purpose;  The  program  converts  the  multiple  valued  decoder 
matrix  to  a binary  valued  decoder  matrix.  It 
avoids  a time-costly  search  throuqh  the  assertion 
limit  and  binary  valued  decoder  table. 

Inout t 1.  {DSET27)  Multiole  valued  decoder  matrix 

Output ; 1.  (DSET28)  Binary  valued  decoder  matrix 


Algorithm; 

Step  1.  (input  a multiple  valued  decoder  vector]  Read  a 
MVDV  from  DSET27;  if  end-of-file,  then  stoo; 

Step  2.  [generate  binary  valued  vectors]  Do  Steps  3 

throuqh  4 for  i from  1 until  ASSERT  (where  ASSERT 
is  the  number  of  assertion  of  the  test)  ; 

Step  3.  For  j from  1 until  N p (where  Np  is  the  number  of 

failures)  ;if  MVDV(j)ai,  then  BVDV(i)e'l  else 

BVDV  ( i )'^0 ; 

Step  4.  (output  BVDV]  Write  BVDV  to  DSET28; 

Step  5.  (continue  with  the  next  MVDV]  Go  to  Step  1; 


\ 
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Proqram  Name;  MINIMIZE  ASSERTIONS  PER  DIAGNOSIS 


Purpose ; The  prooraii  produces  minimum  lenqth  test 
specifications  for  each  equivalent  group  of 
failures. 


Inout ; 1.  (DSET15)  Accura 

2.  (DSET26)  Equival*.  ce  class  vector 

3.  (DSET27)  Decoder  matrix 


Outout:  1. 

■ 2. 


(DSET06)  Printer  output  (summary) 
(DSET29)  Diagnosis  matrix 


Data  Structures;  (DSET29)  see  Table  6.6 


Alqor ithm: 


Steo  1. 
Step  2. 
Step  3. 
Step  4. 
Step  5. 


Write  the  identification  section  of  DSET29; 

Read  lOPTM  control  from  DSET15; 

Input  equivalence  class  vector  from  DSET26; 

Input  decoder  matrix  from  DSET27; 

Compress  the  decoder  matrix  usinq  the  equivalence 
class  vector  such  that  all  columns  are  distinct; 


Step  6, 
Step  7. 

Step  8. 
Step  9. 


If  IOPTM»0,  then  qo  to  Step  8; 

Find  the  minimum  lenqth  join  of  tests  or 
assertions  to  distinguish  one  diannosis  from 
another ; 

Calculate  and  print  the  test  length  statistics; 

If  the  inout  decoder  matrix  was  multiple  valued, 
transform  it  to  binary  valued; 


Step  10.  [write  the  diagnosis  selection  logic  matrices] 
Write  DM  (selection  by  disjunctions)  and  CM 
(selection  by  conjuntions)  to  DSET29; 


Step  11 


[end  of  proqram]  Stop; 


217-416  I diaqnosis  selection  by  conjunctions 
(100*12)  I (0  means  blank,  1 means  selection  by 
I conjuntion  "s",  and  2 means  selection 
1 by  negated  conjunction  (i-).  The 
I columns  are  labelled  by  the  distinct 
I eouivalence  classc's. 


6,5  Nopal  Output  Generation 

There  are  two  programs  in  this  section  (see  Figure  6,6), 
The  first  program  generates  the  tabular  NOPAL  soecif ication. 
The  second  program  generates  the  comolete  NOPAL 
specifications. 

The  tabular  NOPAL  specification  is  intended  to  he  a 
convenience  for  the  reader  of  the  NOPAL  soecif ication.  In 
this  table  the  emphasis  is  on  the  diagnosis  selection  logic 
section  of  the  test  modules.  It  helos  the  user  to  see  the 
"sparseness"  of  the  diagnosis  selection. 

The  output  of  the  second  program  is  in  a form  which  can 
be  directly  given  to  the  bottom  oart  of  the  NOPAL  processor. 


f 


NOPAL 

>p«clflcatl 


DSET19 


OlssertloQ 
Limit  Tab 


OptlBilzatlon 


Tabular 
NOPAL  Outpu 
DSET06  _ 


Print 

NOPAL 

Tabl* 


functions 


Failure 

Dictlona 


DSET17 


DSKT30 


Bottom  Part  of 
NOPAL 


Ambiguity 

Summary 


DSETE5 


diagnosis 
Selection 
Matrix 
. DSSS29 


NcTAl.  (.Xitput  iVnoration 


Fijjure 


Proqcam  Name;  PRINT  NOPAL  TA2LE 


Purpose ; The  program  prints  the  diagnosis  matrix  in  a 
tabular  form  with  test  identification. 

Input ; 1.  (DSET29)  Diagnosis  matrix 

Output ; 1.  (DSET06)  Printer  outout  (NOPAL  table) 

Algor ithm; 

Step  1.  Read  diagnosis  matrix  from  DSET29; 

Step  2.  Convert  internal  representation  of  diagnosis 
selection  Ionic  to  NOPAL  symbols  and  orint  in 
tabular  form; 

Steo  3,  Stoo; 


Program  Name:  WRITE  NOPAL  SPECIFICATIONS 


Purpose ; The  program  writes  the  test  specifications  in 
NOPAL.  language. 


Input ; 


1.  (DSET08)  ATE  function  definition 

2.  (DSET12)  Test  terminals 

3.  (DSET17)  Failure  dictionary 

4.  (DSET19)  NOPAL  candidate  tests  library 

5.  (DSET22)  Assertion  limit  and  3VDM  table 

6.  (DSET25)  Ambiguity  summary 

7.  (DSET29)  Diagnosis  matrix 


Outout;  1. 

2. 


(DSET06)  Printer  outout  (error  messages) 
(DSET30)  NOPAL  test  specification 


Algor i thm ; 


Step  1.  Write  files  used,  ambiguity  summary,  and 
statistics ; 


Step  2.  Read  a test  identification  from  DSET29;  if 
end-of-file  then  go  to  Step  6; 

Step  3.  If  the  test  specification  has  already  been  written 
in  NOPAL,  then  generate  only  the  assertions  and 
the  diagnosis  selection  logic  statements  as  a test 
module ; 

Step  4,  If  the  test  specification  has  never  been  written 
in  NOPAL,  then  search  the  NOPAL  candidate  tests 
library  and  copy  the  test  specification  and  also 
write  the  assertions  and  diagnosis  selection  Ionic 
statements  in  NOPAL; 
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Step  5 
S teo  6 


Go  to  Step  2; 


Write  an  error  checkina  test  module  which 

determines  whether  the  nominal  diaanosis  was 

selected.  If  it  was  not  selected,  then  send  a 
message  indicating  this; 

Step  7.  Write  an  error  checking  test  module  which 

determines  whether  any  fault  isolating  diagnosis 
was  selected.  If  none  was  selected,  then  send  a 
message  indicating  this; 

Step  9.  Write  the  failure  dictionary  in  NOPAL; 

Step  9.  Write  the  diagnoses  in  NOPAL; 

Steo  10.  Write  the  failure  functions  in  NOPAL; 

Step  11.  Copy  DSFT09  which  contains  the  ATF  function 
definitions; 

Steo  12.  Write  the  test  terminals  in  NOPAL; 

Steo  13.  [End  of  NOPAL  specification  generation]  Stop; 


The  stimulus  and  moasuroment  t'unotions  genoratod  in  the  NOPAl.  listing 
are  as  shewn  below.  .Any  additional  function  detinitions  written  in  the  NOt'Al 
language  may  be  included  in  DSET08. 

FUNCTION  : VOLTMETER,  TYPE=M,  SPINS»2, 

PARAMl* (V,T,  LIMIT* (VOLT,+50,-50) ) , 

PARAM2*(R,S,  LIMIT* (OHM, 10.0E6, 10. 0E6) ) , 

VALUE  RETURNED* ’CONSTANT  VOLTAGE’  ; 

FUNCTION  : AMPMETER,  TYPE*M,  «PINS*2, 

PARAM1=-(I,S,  LIMIT*(AMP,5.C,-5.C)  ) , 

PARAM2*(R,S,  LIMIT*{OHM,0.01,0.01)), 

VALUE  RETURNED* ’CONSTANT  CURRENT’  ; 

FUNCTION  ; OHMMETER,  TYPE*M,  #PINS*2, 

PARAM1*(R,T,  LIMIT* (OHM, 10.0E6,0.01)), 

VALUE  RETURNED* ’CONSTANT  IMPEDANCE’  ; 

FUNCTION  ; JSUPPLY,  TYPE*3 , f PINS *2 , 

PARAMl* (AMP,T,  LIM IT* ( AMP , +1 0 . 0 , - 1 0 . 0 ) ) , 
PARAM2»(R,S,  LIMIT*(OHM, 0.01,0. 01) ) ; 

FUNCTION  : ESUPPLY,  TYPE*S,  'PIN3*2, 

PARAMl* (V,S,  LIMIT* (VOLT, 50. 0,-50.01 1 , 
PARAM2*(G,3,  LIM IT* (OHM , 100 . 0 , 100 . 0 ) ) ; 

IHS 


CHAPTER  7 

CONCLUSION  AND  SUGGESTIONS  FOR  FUTURE  RESEARCH 

7.1  CONCLUSION 

This  report  describes  the  research  and  development  of  a 
methodology  which  automates  the  process  of  test  design  for 
analog  circuits.  Three  significant  aspects  of  the  system 
are  emphasized  here: 

Man~Machine  Interface:  The  minimum  input  to  the  system  is 

the  circuit  description  of  the  prospective  unit  under  test. 

This  is  a simple  task  which  could  be  performed  by  a 

technician  having  a minimal  training  in  electronics.  A 

proficient  user  can  provide  more  information  and  guide  the 

operation  of  the  system.  This  is  illustrated  by  the  many 

input  options  described  in  Appendix  A.  The  options  include 

the  ability  to  define  complex  failure  functions,  new  models 

of  components,  changing  of  the  accuracy  in  measurements, 

specifying  the  acceptable  level  of  fault  isolation  (thereby 

controlling  the  quality  of  the  test  program) , soecifying  the 

needed  facilities  in  the  ATE  and  finally  adding  test 

strategies  which  are  evaluated  similarly  as  the  system 

standard  tests,  including  interaction  with  the  ATE  operator. 

Another  aspect  of  the  man-machine  interface  is  the  variety 

of  reports  produced  which  self  document  the  test  design,  A 

variety  of  error  and  warning  messages  alert  the  user  to 

incompleteness,  inconsistencies  and  ambiguities  in  the 

input.  The  user  is  also  alerted  when  numerical  analysis 
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the  concept  that  there  must  be  useful  diaqnoses  from  each 
test  even  when  it  is  evaluated  in  conjunction  with  other 
tests,  otherwise  the  test  would  be  deleted.  The  inclusion 
of  a test  in  the  test  specifications  always  increases  the 
fault  isolation  caoability  of  the  total  system.  The 
diagnoses  produced  by  the  system  are  such  that  the  test 
execution  sequencing  can  be  based  on  a top  down  concept  in 
testing.  The  generic  tests  at  the  too  level  are  called 
functional  tests . The  intent  of  functional  testina  is  to 
determine  if  the  UUT  is  operational  or  not.  If  the 
measurement  made  on  a UUT  fails  in  a top  level  test,  the 
lower  level  fault  isolation  tests  are  performed. 

The  system  has  been  written  in  ANSI  FORTRAN  to  provide 
easy  transportability  between  different  comouter  systems. 
It  has  been  successfully  used  on  UNIVAC  70/46,  UNIVAC  90/70, 
and  IBM  370/168  computers.  The  total  NOPAL  system  has  been 
tested  with  several  examples.  The  computer  cost  of  the 
example  given  in  Chapter  5 was  approximately  $100  at  the 
University  of  Pennsylvania^  David  Rittenhaus  S/360  Mod  65 
computer . 
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7.2  SUGGESTIONS  FOR  FUTURE  RESEARCH 


1 ' 

A software  system  of  this  magnitude  can  never  be 
considered  complete.  During  the  course  of  fhe  research  many 
problems  associated  with  automatic  test  design  were 
encountered.  Some  of  these  problems  have  been  resolved  and 

some  of  them  are  proposed  here  for  future  research. 

j 

1.  In  this  work  candidate  tests  are  selected  and  simulated 
without  apriori  estimate  on  their  usefulness  to  fault 
isolation  capability.  Their  usefulness  is  determined 
after  failure  simulation.  New  test  strateqies  involvinq 
frequency  domain  analysis  and  transient  analysis  may  be 
investigated.  These  tests  may  be  selected  by  an 
intelligent  preprocessor  embodied  in  the  test  generator 
program.  Before  the  simulation  by  a CANA  program  these 
candidate  tests  may  be  sorted  according  to  a heuristic 
f igure-of-merit  to  reduce  the  simulation  time. 

2.  A simple  test  program  generator  may  be  written  after  the 
first  or  second  minimization  process  which  will  quickly 
oroduce  a test  program  in  ATLAS,  BASIC  or  OPAL  to  verify 
the  component  and  failure  modelling  on  ATE  before  an 
optimal  program  is  produced. 

3.  By  implicitly  allowing  test  sequencing  through  comoonent 
protection  and  failure  rate  index,  an  incomolete  failure 
symptom  table  may  be  used  to  save  simulation  time  in 
certain  test  strategies  involving  frequency  and  time 
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domain  analy>)es.  An  incomolete  failure  symptom  tabic? 
does  not  contain  all  the  failure  symotoms  of  the 
failures  listed  in  the  failure  dictionary. 

4.  The  failure  simulation  aporoach  yields  a larqe  amount  of 
information  about  the  behavior  of  the  circuit.  The  data 
created  in  failure  simulation  can  be  used  for  further 
failure  analysis  and  prediction.  For  examole,  after  the 
first  failure,  the  overstressed  components  may  be 
detected  and  inserted  into  the  failure  dictionary  as 
multiple  or  cascaded  failures.  Then,  they  too  may  be 
included  in  the  failure  simulation  as  new  failure  modes 
of  the  UUT.  This  orocess  may  be  repeated  until  a 
fixpoint  in  the  failure  states  Is  reached.  The  loadinq 
factor  of  each  component  may  be  calculated  in  a manner 
as  described  in  MIL-HDnK-217n  to  qenerate  the  failure 
rate  indices  for  each  failure  automatical ly . 

5.  Testing  with  component  protection  has  not  been  built  in 

this  implementation.  The  FITS  system  is  capable  of 
qeneratinq  the  data  base  necessary  to  detect  the 
overstressinq  conditions  of  a UUT.  An  interesting 
research  area  involves  the  development  of  a methodology 
to  specify  the  ambiguity  level  and  to  minimize  the 
number  of  tests  while  protecting  components.  This 
problem  is  isomorohic  to  the  generalized  traveling 
salesman  problem.  This  oroblem  is  agreed  uoon  as  an 

unsolvable  problem  (in  polynomial  time)  in  ooerations 
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reseach  and  connputer  science.  In  the  generalized 
traveling  salesman  problem  the  state  space  consists  of 


c 

I 

1 


countries,  cities,  rivers  and  roads.  A salesman  must 
visit  a number  of  cities  or  countries,  and  given  the 
distance  between  various  pairs  of  cities,  he  would  li<e 
to  find  the  shortest  route  so  that  he  visits  each  city 
or  country  once  and  returns  to  the  point  of  departure. 
A country  is  said  to  have  been  visited  if  any  city  in 
that  country  is  visited.  The  rivers  act  as  barriers  and 
require  the  satisfaction  of  certain  constraints  before 
they  can  be  crossed.  The  correspondence  to  the 
optimization  of  fault  isolation  logic  is  as  follows:  The 
cities  are  the  final  diagnoses.  The  countries  are 
intermediate  fault  isolation  results.  The  rivers  are 
the  component  protection  requirements.  The  roads  are 
the  assertions  that  can  be  made.  The  length  of  a road 
is  inversely  related  to  the  reliability  of  an  assertion. 
The  path  the  salesman  should  follow  is  the  diagnosis 
selection  logic. 
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APPENDIX  A 


USER'S  GUIDE  TO  FITS 

This  appendix  contains  the  user's  quiue  to  the  FITS 
system.  It  is  organized  in  two  sections!  (1)  the  first 
section  relates  to  the  preparation  of  inputs  and  (2)  the 
second  section  relates  to  the  possible  job  setup 
configurations  in  the  execution  of  FITS  programs  to  achieve 
different  affects. 

1.1  Preparation  of  Input  for  FITS 

Thei'e  are  6 sections  of  the  input  to  the  FITS  system.  They 
are:  (1)  circuit  description,  (2)  test  terminals,  (3) 
failure  definitions,  {4)  fault  isolation  objectives,  (5) 
accuracy  specifications,  and  (6)  initial  conditions. 

Figure  A.l  illustrates  the  general  organization  of  the 
input  file.  The  sections  can  be  written  in  any  sequence. 
The  beginning  of  a new  section  terminates  the  previous 
section.  Bnd-of-file  condition  terminates  the  current  input 
section  and  the  input  file.  Bach  input  section  is  described 
further . 


CIRCOIT_DBSCRIPTION  <uut  naDe>  <dict  name>  (<comment>I 
<ciccuit  description  in  NAP2  latiguage> 

<component>  (:  <failuce>  (<function>]  ] [>J  (:  <comnient>] 


TEST  TERMINALS  <connector>  [<comroent>l 


<ciccuit  node>  <external  node>  [<comment>] 
FAILURE_DEFINITIONS  <fda  naine>  [<coinnient>l 
DEFINE  <id>  (<comment>l 


<modif ications  to  nominal  circuit  description> 
END 


OBJECTIVES  <obj  name>  [<comment>I 
<diagnosis  %>  {<comment>l 
<cfi  %>  <k-arabiguity>  (<coniment>] 


ACCURACY  <accr  name>  (<comment>l 


<zero  discr imination> 

(<COmment>) 

<inaccuracy> 

(<comment>i 

<significant  digits> 

(<comment>i 

<sort> 

(<comment>i 

<optimi2e> 

(<comment>) 

<missing> 

(<corament>l 

INITIAL_CONDITIONS  <init  name>  [<comment>] 

• 

BEGIN  (DEFINE]  (<message>] 

<initiai  conditions  in  NAP2  language> 

(if  DEFINE  is  specified  then  NOPAL  statements  are  allowed) 

END 

END-INITIAL 


Figure  A. I General  Organization  of  the  Input  Kile 
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Each  section  has  generally  the  following  form: 


Column  1 

1 

<section  identifier  keyword>  <section  name>  [<comment>] 
<parameters> 

<end-of-section> 


The  symbols  are  delimited  by  at  least  one  space.  Only  the 
first  4 characters  of  a <section  identifier  keyword>  and  the 
first  8 characters  of  a <section  name>  are  used  for 
identification. 

1.1.1  Circuit  Description  Section 

The  circuit  description  is  the  most  important  input  to 
FITS.  It  is  written  in  the  NAP2  language.  The  semantics  of 
certain  statements  are  extended  so  that  the  failure  modes  of 
a circuit  can  be  indicated  to  the  FITS  system.  As  far  as 
the  circuit  analysis  program  is  concerned  these  extensions 
are  comments. 

1.1. 1.1  Overview  of  NAP2  Input 

In  this  section  only  the  overview  of  the  input  preparation 
to  the  NAP2  circuit  analysis  program  is  given,  including  some 
examples  of  input  and  output  of  NAP2.  The  complete 
documentation  can  be  found  in  the  NAP2  user's  manual. 
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l.l.l.l.l  General  Description  of  NAP2 

Nonlinear  Analysis  Program  (NAP2)  for  electronic  circuits 
can  perform  steady  state  analysis,  frequency  and  time  domain 
analyses,  noise  signal  analysis,  sensitivity  analysis,  root 
sum  squared  and  worst-case  tolerance  analysis,  Fourier 
analysis  of  periodic  responses,  optimization  of  steady  state 
and  transient  responses. 

The  Input  is  entered  by  a user  oriented  language.  The 
networks  are  described  by  specifying  each  element,  its  type, 
node  connections,  value  and  other  associated  data. 

The  outputs  can  be  node  voltages,  element  values, 
voltages,  currents,  power  dissipations,  tranfer  responses, 
sensitivities,  worst —case  limits,  and  other  calculated 
parameters.  The  outputs  can  be  printed  in  a tabular  form  or 
plotted  on  a line  printer. 

There  are  two  versions  of  the  same  program.  The  smaller 
version  requires  about  lOOKbytes  of  memory  and  can  solve 
circuits  containing  up  to  50  nodes  and  195  elements.  The 
larger  version  requires  about  250Kbytes  of  memory  and  can 
solve  circuits  containing  up  to  500  nodes  and  1500  elements. 

1.1. 1.1. 2 Input  Organization 

An  input  to  the  NAP2  program  consists  of  free  formatted 
statements  describing  the  circuit  and  the  type  of  analysis 
to  be  run.  The  input  is  organized  as  follows: 
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I storing  of  user  generated  models  and  subcircuits  I 

I I 

I •CIRCUIT  I 

I I 

I circuit  description  statements  and  retrieval  of  stored  models  | 

I or  subcircuits  I 

I I 

I •(control  statements)  I 

I I 

I specification  of  run  controls,  outputs  and  types  of  analysis  I 

I to  be  performed  I 

I •RUN  I 

I initiates  the  computation  of  analysis  t 

I I 

I •END  I 

I I 

I terminates  analysis  I 

I I 

The  *RUN  command  may  be  followed  by  modifications  to  the 

circuit  and  run  controls.  The  circuit  analysis  may  then  be 

rerun  starting  with  the  initial  conditions  found  in  the 

previous  run.  The  *END  command  terminates  the  execution  of 

NAP2  and  returns  the  control  to  the  operating  system. 

i' 

f, 

-r 

fi 

1.1. 1.1. 3 Circuit  Elements  || 

il 

Each  circuit  element  must  be  specified  after  the  ^CIRCUIT 
command  along  with  its  type  prefix  and  name,  node 
connections,  value,  and  any  other  associated  data.  The  j 

following  element  types  are  supported:  | 

> 

I 

i 

! 


PREFIX 


ELEMENT  TYPE 


I built-in  semiconductor  reference 

I 

user  defined  model  reference 
user  defined  parameters 


The  controlled  sources  may  be  controlled  by  any  element 
voltage  or  current  or  the  time  derivative  of  any  element 
voltage  or  current.  The  mutual  coupling  M may  be  between 
any  two  passive  elements  R,  G,  L or  C.  The  type  of  coupling 
depends  on  the  elements  coupled.  All  element  values,  source 
and  coupling  values  may  be  constants  or  linear  and  nonlinear 
functions  of  any  named  value  or  circuit  response.  The  named 
values  which  may  be  used  are  any  user  defined  parameter  or 
one  of  the  following  internally  stored  parameters: 


1 


Node  voltages,  voltage  and  current  of  an  RR,  L,  V,  or  R»0 
type  element  connected  to  a node,  current  of  an  element  that 
defines  a to-branch  are  primary  responses.  The  transfer 
function  and  sensitivity  calculations  can  only  be  performed 
on  primary  responses.  The  current 
through  any  resistor  can  be  made  a primary  response  by 
prefixing  the  resistor  name  by  RR. 

The  reference  directions  have  significance  for  the  sign 
of  the  element  voltages  and  currents.  Independent  voltage 
sources  E and  current  sources  J are  specified  as 
subparameters  to  an  element.  They  follow  the  conventions  in 
relation  to  the  circuit  nodes  as  shown  in  Figure  A.:. 


The  current  is  positive  if  it  flows  from  the  first 
specified  node  (nodel)  to  the  second  node  (node2).  The 
element  currents  and  voltages  include  the  independent 
source.  This  notation  results  in  negative  power  absorbtion 
if  Independent  sources  are  specified  as  R or  G type 
elements. 
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PasBiv*  Elaments 


X«  R or  G : E or  J «llo««d 
Xa  L or  C : E or  J not  allowed 


Controlled  Voltage 
Source 


Vnn«  value 


IXnn 

VXnn 

SIXnn 

SVXnn 


E - value  J 


£ or  J are  not  allowed  for  S-type  couplings. 


FI  mi  ft'  A.  2 


Ki't  t'ft'iu't'  IH  f t'l' t 1 t'ns 


1.1. 1.1. 4 Function  Definition  Capability 

Functions  are  entered  by  means  of  a function  statement 
giving  the  name,  type,  and  parameter  values  of  the  function. 
Piecewise  linear  functions  are  entered  by  listing  the  data 
points  pairwise  giving  the  end  points  of  the  linear 
sections.  These  tabular  functions  may  be  discontinuous  at 
any  point,  thus  step  functions  are  allowed.  The  ordinate 
values  of  the  tabular  functions  may  themselves  be  functions 
of  named  values  or  circuit  responses,  thus  tables  may  be 
dynamically  used.  Functional  expressions  of  the  following 
type  can  be  specified: 


f{x)  ■ A B * function  (( (x-C)/D)  **E)  + valuel  value2  + ... 


where  the  "function"  may  be  any  one  of  the  Fortran  functions 
ABS,  EXP,  LOG,  SIN,  TAN,  ATAN  or  blank.  The  coefficients  A, 
B,  C,  D,  E and  the  added  values,  valuel,  value2,  ...  may  be 
constants  or  computed  parameters.  The  coefficients  have 
default  values  such  that  f(x)*x.  The  user  is  also  allowed 
to  write  a Fortran  subroutine  which  can  be  called  from  the 
circuit  analysis.  These  functions  may  be  used  in  accurate 
modelling  of  semiconductor  devices. 

1.1. 1.1. 5 Built-in  Semiconductor  Models 

NAP2  has  internal  models  for  diodes,  bipolar  junction 
transistors  and  field  effect  transistors.  The  user  can 

choose  the  parameters  to  model  the  desired  devices.  The 

2hi 


diode  model  is  shown  in  Figure  A. 3.  The  user  can  specify 
the  parameters  IS,  VT,  TT,  CJ,  FI,  GA  and  GS  (see  Table 


A.l).  The  values  of  IS  and  VT  are  temperature  dependent. 
Temperature  dependencies  are  calculated  as  follows: 

VT«VTo*{T/298.0) 

IS»ISo*(T/298.0) **3*EXP(Eg/VTo-Eg/VT) 

where  T«273+TEMP  and  Eg»l,l  energy  gap  voltage  for  silicon. 
TEMP  is  the  ambient  temperature  specified  by  the  user. 
Normally  TEMP»25®C  is  used. 

The  bipolar  junction  transistor  model  as  shown  in 
Figure  a. 4 is  essentially  the  Ebers-Moll  model  where  the 
parameters  IS,  VT,  NI,  NV,  TF,  TR,  CE,  CC,  FI,  GA,  GZ,  NG, 
AF,  AR  and  GS  are  specified  by  the  user  (see  Table  A. 2 ). 
The  junction  field  effect  transistor  model  is  shown  in 
Figure  A. 5.  The  parameters  BE,  VP,  VO,  CS,  CD,  FI,  GA,  GZ 
and  NG  are  specified  by  the  user  (see  Table  A.3).  The  JFET 
model  is  used  for  MOSFET  by  choosing  the  parameters 
appropriately. 
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TABLK  A. 1 DIODE  PARAMETERS 


SYMBOL 

1 

NAP2 

1 

DEFAULT 

•+ 

1 

DESCRIPTION 

■t" 

1 

IS 

1 

lE-13 

1 

saturation  current 

1 

• 

1 

1 

T 

1 

VT 

•T" 

1 

0.025 

..j 

i 

nkT/q,  where  n is  the 

1 

-+- 

1 

1 

4— 

emission  coefficient 

transit  time 
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TABLE  A. 2 BIPOLAR  JUNCTION  TRANSISTOR  PARAMETERS 


+ +- 

I DEFAULT  I 

lE-13 


SYMBOL  1 NAP2 

■saaassa^aaaaaa 

IS 


DESCRIPTION 

ssssaaasasasaaaaaaasasaa: 

base  emitter  saturation 
current 


VT 


0,025 


nkT/q,  where  n is  the  base 
emitter  emission  constant, 
(kT/q=*0,026) 


Y\- 


NI 


n^I  is  the  base-collector 
saturation  current 


NV 


n^V  is  V for  the 
base-collector  diode 


TF 


common  base  forward  transit 
time 


Too. 


TR 


common  base  reverse  transit 
time 


CE 


zero  bias  base-emitter 
capacitance 


CC 


^Cj 


zero  bias  base-collector 
capacitance 


4^ 


FI 


junction  potential 


V 


GA 


0,5 


exponent  in  capacitance 
equation 


Gi 


GZ 


zero  bias  output  conductance 


NG 


proportionality  factor  for 
output  conductance 


oc, 


AF 


0.99 


common  base  forward  current 
gain 


oc, 


AR 


0.5 


common  base  reverse  current 
gain 


GS 


maximum  junction  diode 
conductance 
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lABl.F.  A.'l  JUNCTION  KIl'.l.l)  KKKKC'l'  TKANSISTOR  PARAMKTF.RS 


SYMBOL 


NAP2 


DEFAULT 


V, 


BE 

VP 


lE-3 

-3 


V. 


vu 


C< 


cs 


Cd 


CD 


FI 

GA 


1 

0.5 


V 


a. 


GZ 


NG 


DESCRIPTION 


transconductance  parameter 


pinch  off  voltage 


upper  constraint  on 
characteristic 


zero  bias  gate-source 
capacitance 


zero  bias  gate-drain 
capacitance 


gate  junction  potential 


exponent  in  capacitance 
equation 


zero  drain-source  output 
conductance 


proportionality  constant  for 
output  conductance 


1.1. 1.1.6  Outputs 

Any  circuit  element's  value,  voltage,  current  or  power 
dissipation,  any  node  voltage  or  calculated  parameters  may 
be  requested  for  output.  The  outputs  can  be  saved  on 
selected  data  sets  and  printed  in  a tabular  form  or  plotted 
on  a line  printer.  NAP2  provides  powerful  editing  features 
in  the  output  specifications. 


1.1, 1,1.7  Initial  Conditions 


Initial 

conditions  for 

any  node 

voltage 

or 

pr imary 

current  can 

be  set  with  the 

♦MODIFY 

command . 

This 

command 

can  also  be 

used  to  change 

element  values,  or 

set 

element 

tolerances  and  sensitivity  trackings, 

1.1. 1.1. 8 Run  Controls 

The  *TIME  command  is  used  to  set  the  start  and  stop 
times  for  the  transient  analysis  or  to  vary  circuit 
parameters  in  the  steady  state  analysis.  The  time  command 
can  also  select  the  interval  for  outputting  data  and  the 
type  of  solution  process  used  - variable  step,  constant 
linear  step,  or  logarithmic  variations  of  the  step  size. 

The  *PREQ  command  is  used  in  the  frequency  domain 
analysis  to  set  starting  and  final  frequency  values.  It  can 
also  indicate  linear  or  logarithmic  variation  of  the 
frequency. 

The  *RUN  command  passes  the  control  to  the  numerical 
analysis  section  of  the  program.  This  command  is  also  used 
to  change  any  of  the  28  internal  solution  parameters  such  as 
minimum  and  maximum  step  size,  relative  truncation  error, 
relative  convergence  criterium  and  damping  factor  for  the 
Newton-Ralphson  iteration,  order  of  implicit  integration 
polynominal. 
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1.1. 1.1.9  Types  of  Analysis 

The  NAP2  program  can  perform  steady  state,  frequency 
domain,  and  time  domain  analyses  for  nonlinear  circuits. 
These  analyses  are  initiated  by  the  commands  *DC,  •AC,  and 
•TR,  respectively.  The  *DCTR  command  causes  the  steady 
state  solution  to  be  calculated  first  and  then  the  time 
domain  solution  is  started.  Thus  the  steady  state  solution 
can  be  used  as  initial  conditions  in  the  transient  analysis. 

Additional  analysis  capabilities  include  transfer 
responses,  tolerance  analysis,  worst  - case  analysis,  Fourier 
analysis,  noise  analysis,  temperature  variation  analysis, 
and  automated  optimal  design.  These  analysis  capabilities 
are  briefly  described. 

The  transfer  responses  of  the  form  dxi/  ^Jj  or 
'^Xi/'^Ej  can  be  calculated  where  Xi  can  be  any  node 
voltage,  element  voltage  or  element  current  and  Jj  and  Ej 
can  be  any  current  or  voltage  of  a resistor  or  conductor  in 
the  circuit.  The  transfer  responses  are  requested  for 
output  along  with  the  other  ouput  requests  under  the 
analysis  command. 

The  sensitivity  of  any  primary  response  Xi  with 
respect  to  a circuit  parameter  Cj  is  calculated  by  the 

formula : 


'i 


::8 


t 


The  summation  term  represents  the  contributions  due  to  any  n 


circuit  elements  which  track  Xi  (i,e.,  elements  which  are 
completely  correlated  with  Cj). 

A statistical  estimate  of  the  behavior  of  any  primary 
response  Xi  can  be  computed  by  using  the  root  sum  square 
(RSS)  of  the  weigthed  sensitivities  by  the  formula: 

I 1 

I RSS  = 1 


where  ^ tolj  is  the  relative  tolerance  of  circuit  parameter 
Cj  and  n is  the  number  of  circuit  elements  which  have 
tolerance  assigned.  The  analysis  is  initiated  by  a request 
in  the  output  list  options. 

The  sign  of  the  sensitivities  are  used  to  predict  the 
worst  cases  of  the  primary  responses.  Parameters  with 
tolerance  specifications  are  perturbed  to  their  upper  or 
lower  tolerance  limits  depending  on  the  sign  of  their 
sensitivity  effecting  the  primary  response  in  the  nominal 

solution.  These  modified  component  values  are  used  to 
approximate  to  the  minimum  or  maximum  worst  case  of  the 
primary  response.  *MIN  command  requests  the  minimum  worst 
case/  *NAX  command  requests  the  maximum  worst  case#  and  the 
*WORST  command  requests  both  cases  to  be  analyzed. 
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The  sensitivity  calculations  can  also  be  performed  by  numerical  pertur- 
bation of  the  component  values  explicitly.  The  sensitivity  becomes  equal  to 
■’  the  difference  between  the  actual  output  values  and  the  values  from  the  pre- 

vious  perturbation  run.  This  is  accomplished  by  specifying  the  SAVEPERT  and 
then  PERT  options  in  the  *RUN  command  in  two  consecutive  runs. 

Any  periodic  output  quantity  can  be  Fourier  analyzed  by  the  *F  command. 
NAP2  calculates  the  Fourier  components  and  the  distortion. 

The  noise  behavior  of  the  network  is  estimated  by  the  *F  command.  NAP2 
calculates  the  Fourier  components  and  the  distortion. 

The  noise  behavior  of  the  network  is  estimated  by  the  computation  of  the 
transfer  responses  from  all  R and  G type  elements  to  a primary  response  Xi. 


The  noise  analysis  applies  to  the  DC  analysis  only  and  is  initiated  by  the 
*NOISE  command. 

The  built-in  parameter  TEMP  represents  the  ambient  temperature.  Satura- 
tion currents  IS  and  the  VT  potentials  of  the  PN-junctlon  diodes  in  the 
built-in  semiconductor  models  cliange  with  TEMP  when  its  value  differs  from 
room  temperature  25°C. 

Automated  optimal  design  is  accomplished  by  adjusting  the  specified 
circuit  parameters  until  an  optimal  solution  is  found.  NAP2  minimizes  the 
root  sum  square  of  the  relative  differences  between  the  calculated  and 
desired  values  of  selected  circuit  responses  by  a damped  least  squares 
method.  The  circuit  parameters  and  the  constraints  that  control  the  optimi- 
zation are  specified  in  the  *0PT1M  command. 

2.‘^0 


F 


1.1.1.1.10  Application  Example 


Input  preparation  for  the  NAP2  proaram  is  illustrated 
here  by  an  example  showing  the  steps  in  preparing  input. 
The  sample  circuit  shown  in  Figure  A. 6 is  a class-B 
amplifier  intended  for  low  power  applications. 

The  first  step  in  the  circuit  simulation  is  to  determine 
the  model  parameters  so  that  the  desired  accuracy  can  be 
obtained.  This  is  frequently  the  most  difficult  phase  in 
computer  aided  network  analysis. 

In  the  sample  circuit  the  nonlinear  devices  are 
modelled  by  the  built-in  large-signal,  Ebers-Moll  transistor 
model  and  the  built-in  diode  model.  These  models  are  shown 
in  Figures  A. 3 and  A. 4,  The  transistor  consists  of  the 
base-emitter  and  the  base-collector  junction  diodes  with 
nonlinear  capacitors  which  represent  the  charge  storage 
effects.  The  current  sources  AF  and  AR  represent  the 
common-base  forward  and  reverse  current  gains.  The 
collector-emitter  conductance  Go  is  made  proportional  to  the 
dynamic  conductances  of  the  junction  diodes  to  improve  the 
steady  state  simulation  of  the  transistor.  The  junction 
diode  characteristic  is  extended  linearly  when  VD<0,  and  if 
the  dynamic  conductance  GOGS.  The  built-in  transistor 
model  requires  15  parameters  and  the  diode  model  requires  7 
parameters  for  a complete  definition.  The  parameters  which 
are  not  specified  take  the  default  values  given  in  Tables 
A.l  and  A. 2. 


231 


Transistor  data  handbooks  specify 
typical  values  for  the  BC107  and  BC177  trans 


the  following 
istors: 


DESCRIPTION  I PARAM.  | BC107  | BC177 


zero  bias  base-emitter 
capacitance 

H 

1 

1 

12pF 

1 

I 

•X. 

24pF 

zero  bias  base-collector 
capacitance 

T' 

1 

1 

. 1 

cc 

1 

1 

5pF 

1 

1 

*x« 

lOpF 

For  IC»2mA,  VCE=i5V: 
base-emitter  voltage 

T* 

1 

1 

L . 

VBE 

T 

1 

1 

620mV 

1 

1 

L 

650mV 

transition  frequency 

•T* 

1 

-.X 

— T“ 

1 

200MHz 

— T* 

1 

X- 

lOOMHz 

common  emitter  small 
signal  hg -parameters 

n 

BBS 

n 

n 

2.5K 

H 

BBS 

T 

1 

1.5E-4 

1 

2.3E-4 

1 

^ Fe 

1 

— X- 

180 

— T* 

1 

.X. 

140 

1 

h oe 

'•T* 

1 

.Xu. 

18E-6 

1 

..X. 

38E-6 

For  ICalOmA,  IBsat«0.5mA: 
col lector -emitter 
saturation  voltage 

T* 

1 

1 

1 

1 

VCEsat 

1 

1 

1 

.X. 

90mV 

1 

1 

1 

• X. 

75mV 

base-emitter  saturation 
voltage 

T‘ 

1 

1 

VBEsat 

1 

1 

700mV 

— T* 

1 

1 

700mV 

Most  of  the  data  from  the  handbooks  cannot  be  used 
directly  in  the  Bbers-Moll  model.  A simple  adjustment  is 
made  to  evaluate  the  small-signal  equivalent  (see  Figure 
4.3)  and  Ebers-Moll  parameters  are  expressed  in  terms  of  the 
h^-parameters. 
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The  approximate  relationships  used  are: 

» ^Fe/h; 


hrc  =» 

>-0^11. 

Gee 

l-otp 

G ee 

-eXp 

hoc  = 

l — OC  p 

G»c  = 


>re 


'-"‘F-  h., 


or 


I - 


I*  h 


rr 


The  large-signal  parameters  are  then  estimated  as  a best 
fit  from  the  h -parameters  near  the  operating  point:  IC»2mA, 
VCE-5V,  VBE-620raV  for  BC107  and  VBE-650mV  for  BC177. 


PARAMETERS 

+- 

1 

BC107 

1 

BC177 

1 

AP-  1 - '/(^FC^O 

1 

X- 

0.9945 

-T* 

1 

0.993 

1 

AR  (estimated) 

1 

0.5 

” + "■ 
1 

0.5 

1 

VT-  Xf 

I 

X 

30mV 

-T** 

1 

36mV 

1 

IS-  I,  . 

1 

2E-12 

“T“ 

1 

3E-11 

1 

NG-  -hf« 

1 

± . 

1.2E-4 

•T  — 

4.5E-4 

1 

TF-  o<p  -Tp  ?=■  ' /iTT-fT 

1 

X 

0. 8ns 

L — 

1 . 6ns 

1 

TR-  oc^l-Xr  C51  O.'JTf 

1 

X 

0.4ns 

“T* 

1 

0. 8ns 

1 

GA  (estimated) 

1 

X- 

0.3 

“T” 

1 

0.3 

1 

-T” 

The  reverse  transit  time  "t'n. 

is  estimated  to 

be 

equal 

to 

In  the  NAP2  transistor  model  the  reverse  biased 
collector  diode  conductance  GBC  is  assumed  to  be  a constant 
equal  to  ICS/VCT,  This  gives  one  equation  in  the  fitting  of 
the  collector  diode  saturation  current  ICS  and  the  potential 

VCT.  In  the  saturated  region,  IC/IBsaf20<<hp^  ; therefore 


I 


most  of  the  base  current  flows  in  the  collector  diode.  The 
equations  used  are: 


X e,  e - ^ ) / ^c.1 


S»C  = - 


1 re 


'c^ 


hie 


Prom  these  equations  ICS  and  VCT  can  be  found  and  the 
model  parameters  NI  and  NV  become: 

I + + 1 

1 PARAMETERS  1 BC107  1 BC177  1 

I VCT  I 55mV  I 56mV  | 

1 + + I 

I ICS  I 6E-9  I lE-8  I 

I + + I 

I NV-VCT/VT  I 1.63  I 1.56  | 

I + + I 

I NI»ICS/IS  I 3000  I 330  | 

I + + I 


The  large  differences  in  the  saturation  currents  and  the 


VT  potentials 

of 

the  junction 

diodes  are 

due 

to 

the 

approximations 

made 

and  also 

the  limitations 

of 

the 

Ebers-Moll  model 

• 

The  accuracy 

decreases  in 

the 

case 

of 

large  perturbations  form  the  operating  point. 

The  user  may  define  models  of  semiconductors  which  are 


better  than  Ebers-Moll  model  for  the  specific  application. 
When  failures  in  circuits  are  considered,  the  linear 
extensions  of  the  characteristics  may  result  in  large 
errors.  More  accurate  model  parameters  may  be  extracted 
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from  laboratory  measurements  and  computer  analysis. 

For  the  diode  BAIOO,  the  following  typical  values  are 
used:  ID«lmA,  and  VD»635mV,  If  the  default  value  of  VT  is 
assumed  the  saturation  current  IS  becomes: 

I , 

I X5  = Id  I 


The  charge  storage  effect  of  the  diode  is  not  considered 
in  this  example. 

When  the  model  parameters  are  determined,  a check  of  the 
model  behavior  can  be  performed.  The  test  circuit  in  Figure 
A, 7a  is  used  to  trace  the  transistor's  IC  versus  VCE 
characteristic.  The  input  to  NAP2  is  shown  in  Figure  A •B. 

The  *TIME  statement  requests  a variation  in  the  the 
value  of  RCC.E  (i.e.,  VCE).  The  variation  is  performed  with 
variable  step  size  since  no  step  size  is  specified. 

The  ‘PLOT  subcommand  in  the  *DC  statement  requests  a 
plot  of  the  collector  current  IRC  versus  the  varied 
collector-emitter  voltage  RCC.E,  The  plot  will  consist  of 
50  lines. 

The  control  parameter  HOLD  in  the  *RUN  statement  keeps 
the  plot  output  in  hold  status.  Output  from  more  than  one 
run  is  desired  on  the  same  plot.  The  control  parameter  OFFL 
selects  the  output  data  set  number.  The  output  of  the 
analysis  is  shown  in  Figure  A .9a,  The  automatic  step 
control  results  in  many  points  if  the  variations  of  the 


'y 


response  are  large  anfi  in  fewer  points  if  the  response  is 
smooth . 


I 

f 

I 

r« 

1 

'■< 

i 

I 


i 

I 

4 

i 

/ 


I 


The  remainder  of  the  input  changes  the  title  of  the 
problem  by  the  ■*;"  command.  The  next  analysis  is  the 
determination  of  DC  small-signal  hg-parameters . The 
transfer  responses  Vl/JGBB,  Vl/ERCC,  IRC/JGBB  and  IRC/ERCC 
correspond  to  the  h -parameters,  GBB,J  is  a reference  to 
the  base  current  source,  Vl/JGBB  is  a small-signal  transfer 
response  which  has  no  relation  to  the  independent  sources. 
The  base  current  is  varied  from  SpA  to  50pA  and  the  transfer 
responses  are  plotted  and  printed  versus  the  collector 
current  IRC,  The  output  is  shown  in  Figure  A. 9b, 

The  circuit  shown  in  Figure/), 7b  is  used  to  trace  the 
dynamic  junction  capacitances  CBE  and  CBC  versus  the  diode 
reverse  voltages.  These  are  varied  simultaneously  by 
varying  REE,E  and  RCC,E,  The  model  element  names  have  an 
"&■  as  a prefix  and  they  are  referenced  by  specifying  the 
transistor  name  first  as  a partially  qualified  name.  The 
results  of  this  analysis  is  shown  in  Figure/), 9c,  The 
values  calculated  by  NAP2  for  these  transistors  match  the 
data  given  in  the  model  handbooks. 
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•civcaiT 


BC107  It.VCE  CHABACTEIISTICS 


IPARAHETEK  LIST  fO*  BC1Q7 

BC107/NPN/  »f  .99*5  VT  30W  IS  2.7C-12  Ml  3E3  BV  1.65  ' 

NO  1.2E-*  TF  .a»S  TB  .tHi  CE  12PF  CC  SPF  «*  .5 
:8U1LT  IN  transistor  NO»Et.»  NODES  COLL  BASE  EMIT 
TRI  3 1 0 BC107 

6BS  0 1 0 J 5UA  : BASE  CURRENT  SOURCE 

RC  2 3 0 : ZERO  COLLECTOR  RESISTANCE 

Rcc  2 3 0 E Ov  : vcE  voltage  source 

•TIRE  RCC.E  0 IV  : VARIATION  OF  VCE  FROM  0 TO  1V 

: PLOT  IBC  VERSUS  VCE 


•DC  •PLOT (50}  IRC 


• RUN 
•ROOIFT 

• RUN 
•ROOIFT 

• RUN 
•ROOIFT 

• RUN 


HOLD 

CBS .4  1QUA 
HOLD 

6BB.J  20UA 
HOLD 

6BB.J  50UR 


2 ROOIFT  BASE  CURRENT 


ROOIFT  BASE  CURRENT 


ROOIFT  BASE 
ROM  PLOT 


CURRENT 


:•  BC107  VCE>5V  HE-PARARETE RS  VERSUS  COLL. CURRENT 

•TIRE  6BB.J  SUA  SOUA  : VARIATION  OF  BASE  CURRENT 
•DC  •PPL0T(50  IRC)  V1/46BB/ERCC  > 

IRC/J6BB/ERCC  S PRINT  AND  PLOT  HE-PARARETERS  VERSUS  IRC 

• RUN 


•:  aC107  CBE  AND  CBC 

GBB-  3 

.TRI  301  BC107  S 

REE  1 0 0 E OV  3 

•TIRE  REE.E  -.3V  5V  > 3 

RCC.E  -.3V  5V  3 

• DC  •PLOTISO)  TRt.CCaO  3 
TRI.SCaC  3 


•RU 


OTKANIC  CAPACITANCES  VERSUS  REVERSE  VOLTABE 

DELETE  GBB 

CHANGE  NODES  OF  TRI 

ADD  ERITTER  DIODE  VOLTAGE  SOURCE 

SIRULTANEOUS  variation  of  ERITTER  AND 

COLLECTOR  REVERSE  VOLTAGE 

PLOT  DTNARIC  CAPACITANCES 

VERSUS  REVERSE  VOLTAGE 


•END 


Figure  A. 8 Input  to  NAP2  to  Analyze  the  Circuit  Shown  in  Figure  A. 7 
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After  sufficiently  accurate  models  are  determined,  the 
analysis  of  the  circuit  can  start.  The  input  description  of 
the  circuit  shown  in  Fiqure  A, 6 to  the  NAP2  proqram  is  shown 


I 


in  Fiqure  A, 10,  The  transistors  have  the  paramaters  as 
determined  earlier.  The  forward  current  qains  are  specified 
on  the  transistor  statements  so  that  they  can  be  included  in 
the  sensitivity  analysis.  The  first  analysis  is  the 
determination  of  the  operatinq  point  of  the  amplifier. 

The  preferred  steady  state  operatinq  point  of  this 
class-B  type  amplifier  is  that  the  quiescent  current  in  the 
complementary  pair  TR3  and  TR4  should  be  about  1mA  to 
minimize  the  cross-over  effects.  An  output  voltage  at  about 
3V  maximizes  the  output  swing.  The  parameters  that  may  be 
changed  (R2  and  RB3)  are  specified  in  the  *0PTIM  statement. 
The  desired  solution  (IRE«lmA  and  V10-3V)  is  specified  in 
the  output  list.  At  the  end  of  the  optimization  run  all 
circuit  responses  are  printed  as  shown  in  Figure  A . 11a,  The 
adjusted  valued  of  R2  and  R83  can  be  found  under  the  "ALL" 
listing.  Also  the  AC  models  corresponding  to  the  Ebers-Moll 
small-signal  equivalent  are  listed.  The  optimization  stops 
when  0.1%  relative  change  in  the  element  values  can  no 
longer  improve  the  solution.  The  root  sum  square  of  the 
relative  error  in  the  desired  solution  is  also  printed. 

The  next  analysis  is  a worst-case  study  of  the  output 
voltage  VIO  and  the  current  IRE3.  In  the  first  "MODIFY 
statement  several  resistors  and  the  voltage  source  REE.E  are 

assigned  the  tolerance  class  1 with  the  relative  tolerance 


+-10%,  The  current  gain  AF  is  in  tolerance  class  2 with 
positive  tolerance  0.2%  and  negative  tolerance  0,8%  as 
specified  in  the  second  *MODIFy  statement.  The  nominal 
solution  and  component  values  are  lost  at  the  end  of  a worst- 
case  analysis.  If  the  consecutive  worst-case  analyses  are 
desired  to  be  more  accurate,  the  nominal  circuit  can  be 
saved  by  +SAVE  command  and  *LOADed  before  each  worst-case 
analysis.  The  output  of  the  worst--case  analysis  is  shown  in 
Figure  A, lib.  The  output  options  which  are  specified  before 
the  *WORST  subcommand  are  printed  in  every  worst  case  as  the 
transfer  responses  Vl/JRl  (input  resistance),  VlO/JRl 
(transfer  resistance),  and  VIO/JGIO  (output  resistance). 
The  message  "SIGN  HAS  CHANGED"  indicates  that  the  solutions 
are  not  true  worst  cases  of  VIO.  The  sensitivities  with  the 
sign  change  are  very  small;  so  their  contributions  may  be 
ignored.  The  nominal  case  of  IR3  is  based  on  the  actual 
solution  which,  in  this  case,  is  the  maximum  case  of  VlO, 
The  root  sum  square  of  the  weighted  sensitivities  is 
computed  after  each  worst-case  analysis. 

The  ambient  temperature  has  influence  on  saturation 
currents  IS  and  the  VT  potentials  of  the  junction  diodes. 
When  the  temperature  through  the  built-in  parameter  TEMP  is 
varied,  the  steady  state  operating  point  changes.  This  is 
shown  in  Figure  A,  lie  where  the  temperature  dependencies  of 
ITDl,  IRE3  and  VIO  are  plotted.  Above  100  C the  temperature 
dependencies  become  very  strong. 

The  next  analysis  is  a time  domain  analysis  which  is 
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performed  at  two  different  input  sine  current  levels,  with 
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( 
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( 
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■ 1 


I 
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amplitude  0.1mA  and  0,2mA.  The  subcommand  *F  requests  a 
Fourier  analysis  of  Vll  to  determine  the  distortion.  The 
time  is  varied  over  three  periods  (3ms).  The  Fourier 
analysis  is  based  on  the  last  period  when  all  transient 
responses  have  disappeared.  The  Fourier  analysis  of  more 
than  one  period  indicates  whether  this  statement  is  true  or 
not.  The  results  are  shown  in  Figures  A.Hd  and  a, He, 

Figure  A.llf  illustrates  the  class-B  operation  of  the 
amplifier  with  the  plots  of  IRE3  and  IREl. 

A small  pulse  input  current  excites  the  small  time 
constants  of  the  amplifier  as  shown  in  Figure  A.iig,  The 
response  of  the  output  voltage  Vll  to  the  sharp  changes  in 
the  input  current  Rl.J  is  also  displayed  in  this  figure. 
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1. 1.1.2  Circuit  Description  Input  Section 


The  circuit  description  input  has  the  following  form: 


CIRCUIT^^DESCRIPTION  <uut  name>  <dictionary  name>  [<comment>]  I 

• I 

• I 

<NAP2  statements> 

<component  with  failure>  [:  <failure>  l<function>l *J  (>]  I 

[ : <comment>l  | 

• I 

<end-of-section>  i 


CIRCUIT__OESCRIPTION  is  a section  identifier  keyword  which 

indicates  that  the  input  lines  until 
<end-of-section>  ate  the  circuit 
description  statements  of  the  circuit 
in  NAP2  language. 

<uut  name>  UUT  identification  name 


<dictionary  narae>  failure  dictionary  name 

<NAP2  statements>  any  NAP2  statement  which  describes  the 

UUT  is  entered  here.  An  extension  to 
the  semantics  of  certain  statements 
enables  the  user  to  indicate  (to  PITS) 
the  components  failures  which  should  be 
automatically  included  in  the  failure 
dictionary.  This  extension  is  treated 
as  comment  by  the  NAP2  orogram. 


<component  with  failure>  <component>  <nodel>  <node2> 

[<node3>l  <value> 

<component>  name  of  the  componen*-  in  the  circuit 
<nodel>  from  or  collector  node 

<node2>  to  or  base  node 

<node3>  emitter  node 

<value>  value,  parameter  or  model  name  of  the 

component 

FITS  can  automatically  generate  failure 
dictionary  entries  if  the  component 
name  is  prefixed  by  R,  C,  L,  TD  or  TQ. 


<failure>  if  the  first  4 characters  are  PAIL, 

then  this  component  may  have  default  or 
user  defined  failures. 


<function>  if  DEFAULT  is  specified,  then  all 

default  failures  as  applicable  to  the 
component  type  are  automatically 
generated.  Any  other  name  is  assumed 
to  be  a user  defined  failure  function 
which  is  provided  in  the  failure 
dictionary  additions  input  section.  If 
nothing  follows  FAIL,  still  default 
failures  are  generated.  A general 
description  of  the  default  failures  are 
listed  in  Table  A.l.  The  exact  form  of 

internal 
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the 


and 


external 


representation  of  the  failure 
definition  entry  is  described  in  the 
failure  definition  input  section.  The 

user  may  change  any  one  of  the  failure 
definition  parameters  consistently. 

: indicates  that  the  remainder  of  the 

input  line  contains  comments. 

> indicates  that  the  input  is  continued 

on  the  following  card. 

<end-of-section>  any  section  identifier  keyword  or 

end-of-file  condition  terminates  the 

section. 


EXAMPLE: 


RLOAD  5 6 15KOHM  : FAILS 


Resistor  RLOAD  may  fail  catastrophically  by  changing  its 
value  to  O.IOHM  (short) r or  to  1.0E9OHM  (open). 


CBIAS  1 0 lOP  : FAILURES  DEGRADE  DEFAULT 


Capacitor  CBIAS  may  fail  by  the  failure  function  DEGRADE 
which  is  defined  in  the  failure  definitions  input  section. 
It  may  also  fail  catastrophically  just  like  a resistor. 


1.1,2  Test  Terminals  Input  Section 


The  test  terminals  input  section  has  the  following  form: 


TEST_TERMINALS  <connector>  [<comment>] 
<circuit  node>  <external  node>  [<comment>] 


I <end-of-section> 
L 


TEST_TERMINALS  section  identifier  keyword  Indicates  that  the  input  lines 

until  <end-of-sect lon>  are  test  terminal  names. 
<connector>  is  the  connector  name  of  the  test  terminals.  It  can  be 

at  most  12  characters  long. 

<circuit  node>  is  the  circuit  node  number  of  the  test  terminals  in  the 

NAP2  description  of  the  UUT.  The  first  one  should  be  the 
ground  node.  It  can  be  at  most  3 digits  long. 

<external  node>  is  the  test  terminal  name  of  the  corresponding  circuit 

node.  It  can  be  at  most  12  characters  long.  It  is  as- 
sumed that  the  test  terminal  name  is  also  the  name  of  a 
pin  on  the  connector  whose  name  is  given  by  <connector>  . 
A circuit  may  have  up  to  20  test  terminals. 

EXAMPLE: 


TEST  TERMINALS  EIA_RS_232C  COMMUNICATIONS  INTERFACE 
0 AB  SIGNAL  GROUND 
2 BA  DATA  -12V  to  +12V 

4 CA  GOES  HIGH  (+12V)  WHEN  TERMINAL  IS  READY 
8 CF  GOES  HIGH  (+12V)  ALLOWS  TERMINAL  TO  RECEIVE 


This  example  shows  the  specification  of  the  test  terminals  of  a UUT.  The 
name  of  the  connector  is  EIA_RS_232C.  Four  of  the  pins  on  this  connector 
are  declared  to  be  test  terminals. 


1,1.3  Failure  Definition  Additions  Input  Section 

This  section  of  input  allows  the  user  to  describe 

nonstandard  failures  of  a UUT,  If  the  failures  of  the  UUT 
are  associated  with  the  discrete  components  listed  in  Table 
A. 4,  then  an  entry  in  the  dictionary  is  automatically 
generated.  Otherwise,  as  in  the  case  of  multiple  or 

cascaded  failures,  a new  entry  in  the  dictionary  must  be 
created  by  the  user.  The  internal  and  external  (print) 
organization  of  the  failure  dictionary  is  described  in  Table 
A. 5. 

The  failure  definitions  provided  by  the  user  are  entered 
in  the  following  form: 

I 1 

I I 

I FAILURE  DEFINITIONS  <fda-name>  (<comment>]  I 

I . “ I 

1 • > 

I DEFINE  <id>  (<comment>l  I 

I • t 

I <NAP2  statements>  I 

I • I 

I END  i 

I • ■ 

1 • 1 

I <end-of-section>  I 


FAILURE__DEFINITIONS  keyword  indicates  that  the  following 

input  lines  until  <end-of-section>  are 
nonstandard  failure  definitions, 

<fda-name>  is  the  failure  definitions  additions 

file  name 
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DEFINE 


keyword  indicates  that  the  input  lines 
until  the  END  statement  are  the 
definitions  of  the  failure  whose 
identification  is  given  next. 

<id>  the  sequence  number  of  the  failure  as 

given  in  the  failure  dictionary  under 
the  column  ID,  It  can  be  at  most  4 
digits  long. 

<NAP2  statements>  NAP2  statements  which  define  the  failure 

as  modifications  to  the  nominal  circuit 
description.  The  initial  conditions  of 
the  circuit  can  also  be  included  to 
provide  faster  convergence  in  numerical 
analysis. 

END  terminates  the  definition  of  the 

failure. 

If  the  nonstandard  failures  of  the  UUT  can  be  associated 
with  a component  in  the  circuit,  then  only  the  definition  of 
the  failure  can  be  given: 

EXAMPLE  1: 

In  the  circuit  description,  the  following  is  declared: 

I 1 

I I 

I R1  1 2 IKOHM  : FAILS  OPNTOLHI  DEGRADED  I 

I I 

1 1 

2(i0 


Then,  the  failure  dictionary  contains  the  following 
definition  for  failure  OPNTOLHI (Rl) : 


ID 

COMPONENT  NAME 

FAILURE  FUNCTION 

NODES 

CHANGE 

TYPE 

PARAMETER 

VALUE 

ALIAS 

INDEX 


« 2 

- R1 

- DEFINED 
-12 

- COMPLEX-FDA 

- DEFINED 

» SEE  — > FDA 

- IKOHM 

- OPNTOLHI 

- 0 


The  definition  for  DEGRADED (Rl)  would  have  been  identical 
to  the  above  except: 


1 ID 

- 3 

1 ALIAS 

» DEGRADED 

The  id's  are  arbitrarily  assigned  in  this  example.  If  Rl 
had  been  a component  in  a complete  circuit  description,  then 
the  failure  ID's  might  have  been  different  depending  on  the 
number  of  failures  preceeding  these. 

If  OPNTOLHI (Rl)  is  a failure  which  can  be  represented  by 
a modified  resistor  with  value  IMEG  and  +200%  and  -50% 
tolerances,  the  definition  would  be  entered  as  follows: 


DEFINE  2 

.Rl  - IMEG 

♦MODIFY  1 2.0  0.5  Rl 

END 


261 


Then,  in  the  worst-case  analysis  R1  has  the  minimum  value  of 
0.5MEG  and  maximum  value  of  2.0MEG,  The  tolerance  class  1 
is  arbitrarily  chosen.  If  tolerance  class  1 already  exits 
in  the  nominal  circuit  description,  it  is  replaced  by  this 
new  statement.  If  it  does  not  exist,  a new  tolerance  class 
1 is  created  which  stays  in  effect  during  the  simulation  of 
this  failure  only.  This  process  may  be  thought  of  as  a 
stacking  process  where  the  new  class  is  pushed  to  the  top  of 
the  tolerance  class  stack,  used  in  the  simulation  and  then 
popped  up  (discarded). 

If  DEGRADED(Rl)  is  a failure  which  can  be  represented 
by  a modified  resistor,  it  can  be  specified  as  follows: 


DEFINE  3 

.R1  = 1.2K0HM 
•MODIFY  1 0.1  R1 

END 


This  definition  indicates  that  the  UUT  will  have  a failure 
called  DEGRADED(Rl)  if  the  value  of  Rl  is  1.2KOHM  +-10%. 

EXAMPLE  2: 

A failure  of  a UUT  which  is  not  due  to  a circuit  component 
failure  can  also  be  defined.  When  a connector  strip  on  a 
printed  circuit  board  cracks,  the  failure  is  not  a component 
failure.  Such  failures  can  be  modelled  by  splitting  the 
circuit  node  which  represents  the  point  of  connections  on 
the  connector  strip  into  two  nodes,  and  then  connecting  them 
by  a zero  conductor. 


2h2 


If  the  strip  connecting  R1  and  R2  is  open  due  to  a crack 


in  the  printed  circuit  board  : 


it  can  be  represented  by  : 


This  failure  can  be  described  to  FITS  by  making  an  entry  in 
the  failure  dictionary  as  follows: 


COMPONENT  NAME  » STRIP  N 
FAILURE  FUNCTION  * DEFINED 
ALIAS  » PC  CRACK 


All  other  entries  are  ignored.  If  this  failure  has  ID  2, 
then  the  following  failure  definition  can  be  specified: 


DEFINE 


.R2  99  3 100 
GO  2 99  0 


EXAMPLE  3; 


Multiple  or  cascaded  failures  can  be  conveniently 
defined.  If  in  a circuit  the  shorting  of  diode  TDl  causes  a 
capacitor  to  short  as  illustrated  below: 


The  above  figure  represents  the  circuit  schematic  which  can 
be  written  as  the  following  failure  definition: 


DEFINE  2 

.TDl-  : DROP  DIODE 

RDUMMYl  1 2 0.1  : REPLACE  BY  A RESISTOR 
.Cl-  : DROP  CAPACITOR 

RDUMMY2  2 0 0.1  : REPLACE  BY  A RESISTOR 


PMn 


I 

i 


TABLE  A. 5 OPTIONS  IN  THE  FAILURE  DICTIONARY 


NAME 

1 COLUMN  RANGE  ( 

1 1-4  1 

1 1 

J.  J. 

OPTIONS 

1 

1 

1 

DESCRIPTION 

ID. 

not 

applicable 

Failure  mode  sequence 
number 

COMPONENT 

NAME 

1 5-16  1 

1 1 

1 1 

see  own 
table 

— 

T* 

1 

1 

1 

Name  of  the  component 
as  it  appears  in  the 
circuit  description 

FAILURE 

FUNCTION 

f"  ■■  t 

i 17-20  i 

1 1 

see  own 
table 

1 

1 

Name  of  the  failure 
function  of  the 

NODES 


CHANGE 


TYPE 


PARAMETER 


VALUE 


ALIAS 


INDEX 


21-32 


33-36 


37-40 


41-52 


53-64 


65-76 


82-83 


see  own 
table 


see  own 
table 


see  own 
table 


see  own 
table 


not 

applicable 


string 


2 digit 
integer 


failure  of  the 
component 


Identifies  the 
incidence  of  the 
component  on  the 
circuit  nodes 


Describes  the  change 
in  the  nominal  circuit 
due  to  the  failure 


For  simple  failures 
identifies  the  new 
component  type. 
Otherwise  describes 
where  the  definition 
is  to  be  found. 


Value  of  the  new 
component  or 
subcircuit  library 
member  name 


Value  of  the  component 
in  the  nominal  circuit 


Alternate  failure 
function  name.  This 
name  is  passed  to  the 
bottom  Dart. 


Failure  rate  index  is 
not  currently 
supported  by  FITS.  If 
supplied,  it  is  passed 
on  to  the  bottom  part. 
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TAIU.K  A.  5a  Ol’TIONS  IN  Till':  KAII.URI':  DICTIONARY  (cciiit  Imii-d) 
(CdiiipoiUMit  Nanu'  Opt  ions) 


COMPONENT  NAME  PREFIX 


COMPONENT  TYPE 


R 

C 


Resistor 


Capacitor 


L 

TO 


Inductor 


Diode 


TQ 


Bipolar  Junction  Transistor 


none  of  the  above 


Ignored  in  automatic  dictionary 
generation  but  can  be  inserted 
to  the  dictionary  manually. 


TABLE  A. 5b  OPTIONS  IN  THE  FAILURE  DICTIONARY  (continued) 


TAHl.K  A.5o  OPTIONS  IN  THK  FATLURK  lUCTlONARY  (contimiod) 

(Nodo  Options) 


NUMBER  OP 
ENTRIES 


COMPONENT 

TYPES 


ENTRY 


INCIDENCE 


Resistor 

Capacitor 

Inductor 

Diode 


from  node 


to  node 


OPTIONS  IN  THK  I'AIHIRK  DICTIONARY  (contimiod) 
(Chonj^o  Options) 


DESCRIPTION 


INTERNAL 


EXTERNAL 


Declares  the  current  failure  to  be 
identical  to  failure  number  <n>. 
This  failure  is  not  be  simulated. 
Its  failure  symptoms  will  be 
identical  to  failure  <n>. 


SAME  AS  » I 
<n>  I 


^ 

0 1 

NONE 

! no  change,  nominal 

■ ■ .1  1 .L  -1  1.  1 

1 1 

TOPOLOGICAL 

T 

1 component  type  chanqes 

2 

VALUE 

1 only  component  value  chanqes 

3 1 

LIBRARY 

1 The  definition  of  the  failure  is  in 

1 the  circuit  simulation  proqram  model 

1 library. 

* 

COMPLEX-PDA 

1 User  will  provide  the  failure 

1 definition  in  the  FAILURE  DEFINITION 

1 ADDITION  file. 

2 1 

base  node 

3 1 

1 

emitter  node 

TABLK  A.5e  OPTIONS  IN  THE  FAILURE  DICTIONARY  (continued) 

(Type  Options) 


INTERNAL 

— + — 
1 

EXTERNAL 

1 

DESCRIPTION 

0 

1 

NONE 

■t* 

1 

L, 

not  used 

1 

1 

X _ 

RESISTOR 

•t 

1 

_x^ 

failure 

is 

represented 

by 

a 

resistor 

2 

1 

CONDUCTOR 

1 

failure 

is 

represented 

by 

a 

conductor 

3 

■•T 

1 

_ X - 

CAPACITOR 

••T 

1 

_x. 

failure 

is 

represented 

by 

a 

capacitor 

4 

1 

1 

_ X - 

LIBRARY 

MODEL 

—T* 

1 

1 

L- 

not  used 

5 

1 

DEFINED 

•T"' 

1 

-+> 

user  defined 

TABLE  A.5f  OPTIONS  IN  THE  FAILURE  DICTIONARY  (continued) 
(Parameter  Options) 


INTERNAL 

<nuraber> 


I EXTERNAL 

I same  as 
I internal 


<str ing> 


same  as 
internal 


I DESCRIPTION 

I Value  of  the  component  representing 
I failure.  Default  values  are 

I (OPEN-1. 0E9)  or  (SHORT-0.1).  It  is 
I filled  in  according  to  the 

I catastrophic  failure  generated. 

~+ — 

I Name  of  the  member  in  library  3 of 
I NAP2  circuit  analysis  program.  The 
I referenced  member  should  contain  a 
I subcircuit  description  of  a failure. 
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1.1.4  Fault  Isolation  Objectives  Input  Section 

This  section  is  written  when  fault  diaqnosis  and  isolation 
objectives  differ  from  the  standard.  By  default,  PITS  aims 
at  85%  diagnosis.  Any  fault  isolation  level  is  accepted 
once  85%  diagnosis  is  reached.  It  is  possible  to  modify 
only  the  diagnosis  percentage  without  requesting  any  fault 
isolation.  However,  FITS  still  provides  the  level  of  fault 
isolation  possible  with  the  tests  already  available  to 
diagnose  the  UUT  to  the  desired  level. 

The  fault  isolation  objectives  are  written  as  follows: 

I 

I 

I OBJECTIVES  <objectives  name>  I<comment>l 
t <diagnosis  percentage>  [<comment>] 

I <cfi  percentage>  <k-ambiguity>  (<comment>) 

I • 

I • 

I • 

I <end-of-section> 


OBJECTIVES  keyword  indicates  that  the  following 

input  lines  until  <end-of-section>  are 
fault  isolation  objectives. 

<objectives  name>  name  of  the  objectives  specified 

<diagnosis  percentage>  percent  diagnosis  desired.  It  starts 

on  column  1 and  is  written  as  a floating 
point  decimal  number  in  5 columns. 


<cfi  percentage>  cumulative  fault  isolation  percentage. 

2b9 


1 


rr  — 

I 

I 

I 

It  is  written  just  like 

I 

<diaqnosis  percentage>. 

<lc-ambiguity>  highest  ambiguity  level  acceptable  for 

the  given  percentage  of  failures.  It  is 
written  as  a right  justified  integer  on 
3 columns  after  <cfi  percentage>. 

j The  fault  isolation  specifications  need  not  be  written  if 

only  diagnosis  percentage  is  to  be  changed.  If  they  are 
' specified,  then  both  cumulative  fault  isolation  percentage 

I and  desired  ambiguity  level  should  be  written  in  increasing 

order.  There  may  be  up  to  100  specifications. 


EXAMPLE: 


1 

OBJECTIVES  STANDARD 

(TYPICAL  OF  INDUSTRY) 

1 

85.0% 

DIAGNOSIS 

1 

40.0 

4-AMBIGUOUSLY 

1 

1 

80.0 

8-AMBIGUOUSLY 

The  specification  given  above  requests  that  85%  of  all  the 
failures  in  the  failure  dictionary  should  be  diagnosed. 
Furthermore,  40%  of  the  failures  should  be  isolated  in 
groups  which  are  4 or  less  ambiguous,  and  80%  of  all 
failures  should  be  8 or  less  ambiguous.  The  remaining 
failues  can  be  Isolated  to  any  level  once  85%  diagnosis  is 
achieved.  The  k-ambiguity  which  is  not  specified  has  the 
fault  isolation  percentage  level  as  the  next  lower  ambiguity 
class. 
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1.1.5  Accuracy  Specifications  Input  Section 

This  section  Is  written  when  the  accuracy  specifications  differ  from  th 
default  assignments.  The  input  has  the  following  form: 


ACCURACY  <accuracy  name>  | <coiimient>  ] 
<zero  discrlminat ion>  [<comment>] 
<lnacc,uracy>  [<comment>] 
<significant  digits>  [<comment>] 
<sort>  [<commcnt>] 
<optimize>  [<comment>] 
<mlssing> 


ACCURACY  keyword  indicates  that  the  following  lines  until 

missing  belong  to  the  accuracy  specifications, 
identifies  the  specifications 
see  Table  A. 6 
see  Table  A. 6 
see  Table  A. 6 
see  Table  A. 6 
see  Table  A. 6 
see  Table  A. 6 

All  options  in  this  section  are  written  starting  from  column  1.  The 
floating  point  numbers  are  written  in  10  columns.  The  integers  are  writti-n 
in  3 columns,  right-justified. 


<accuracy  name> 

<zero  discrimlnatlon> 
<inaccuracy> 
<significant  dlglts> 
<sort> 

<optimize> 

<missing> 
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TABLI-:  A. 6 OPTIONS  IN  ACCURACY  SPF.CIF ICATIONS 


OPTION  NAME  | TYPE  I DEFAULT  | VALUE 


ZERO 

DISCRIMINATION 


MEASUREMENT 

INACCURACY 


SIGNIFICANT 

DIGITS 


MISSING 


PURPOSE 


Measurement  whose 
absolute  value  is  less 
than  this  value  is  not 
included  in  creating 
assertions 


Percent  inaccuracy  in 
measurements 


Number  of  significant 
digits  in  the 
measurements 


Sort  the  assertions 
within  the  tests  only 
according  to  increasing 
sensitivity 


First  sort  the 
assertions  within  the 
tests  and  then  sort  the 
tests  among  themselves 


Leave  the  assertions  in 
the  order  they  were 
created  but  sort  the 
tests  among  themselves 


Sort  the  assertions 
regardless  of  the  tests 


Include  all  tests  (or 
assertions)  to  select 
diagnoses 


Minimize  the  number  of 
tests  (or  assertions)  to 
select  diagnoses 


Put  the  missing  failure 
symptoms  in  the  same 
region  as  failure  <n> 
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1.1.6  Initial  Conditions  Input  Section 

This  section  is  written  when  DC  strategy  tests  and  other 
user  defined  test  strategies  are  to  be  employed  in  testing. 
It  also  provides  a simple  means  of  introducing  the  initial 
conditions  of  the  circuit  to  reduce  the  number  of  iterations 
in  the  numerical  solution  of  the  circuit  response.  It  is 
observed  that  in  most  cases,  if  the  initial  conditions  of 
the  nominal  circuit  is  close  to  the  final  solution,  the 

solution  of  the  circuit  with  failures  is  quicker. 

The  input  has  the  following  general  form: 

I 1 

I I 

I INITIAL  CONDITIONS  <init.  cond.  name>  {<comment>]  I 

I . ” I 

I • I 

I BEGIN  [DEFINE]  (<message>]  I 

I • j 

I • 1 

I [:  NOPAL  statements  if  DEFINE  is  specified]  I 

I • I 

I • I 

I <NAP2  statements>  | 

I • I 

1 • I 

I END  I 

I • I 

I • I 

I END-INITIAL  I 


INITIAL_CONDITIONS  keyword  indicates  that  the  following 

input  lines  until  END-INITIAL  are 
initial  conditions  description. 

<init.  cond.  name>  initial  conditions  identification 

indicates  the  beginning  of  a new  initial 
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BEGIN 


condition 


DEFINE 


<message> 


<NAP2  statements> 


END 


END-INITIAL 


When  no  DEFINE 


when  specified  it  means  that  this 
initial  condition  contains  a user 
defined  test  strategy  and  all  necessary 
instructions  both  in  NAP2  and  NOPAL 
languages  are  provided  in  this  section. 
When  this  keyword  is  not  specified  it 
means  that  only  the  DC  default  test 
strategies  should  be  used,  and  the  user 
will  provide  the  initial  conditions  in 
NAP2  language.  The  NOPAL  statements  for 
the  corresponding  test  are  automatically 
generated. 


if  DEFINE  is  not 

specified,  then 

the 

remainder  of  the  card 

may 

contain 

the 

text  of  a message 

to 

be 

sent  to 

the 

operator  before  the  test  is  conducted. 

NAP2  statements  which  describe  the 
initial  conditions  are  given  here. 

terminates  the  current  initial  condition 
specification. 

terminates  the  initial  conditions  input. 

keyword  is  specified,  only  DC  strategy 


tests  are  generated.  No  operator  intervention  is  allowed 
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The  user  is  expected  to  provide  the  power  supplies  of  the 
circuit.  If  so  desired,  the  initial  conditions  of  the 
circuit  which  speeds  up  numerical  analysis  may  also  be 
included. 

Two  types  of  power  supplies  can  be  specified: 


RE<name>  <+node>  <-node>  <int  resis>  E <value> 
GE<name>  <+node>  <-node>  <int  condt>  J <value> 


The  first  type  of  power  supply  is  a voltage  source. 
Positive  current  flows  from  the  <+node>  to  the  <-node>. 
<int  resis>  is  the  internal  series  resistance  of  the  voltage 
source  in  ohms.  <value>  gives  plus  or  minus  magnitude  of 
the  voltage  applied. 

The  second  type  of  power  supply  is  a current  source. 
Positive  current  flows  from  <+node>  to  <-node>.  <int  condt> 
is  the  parallel  internal  conductance  of  the  current  source 
in  mhos.  <value>  gives  the  plus  or  minus  magnitude  of  the 
current  source.  PITS  uses  the  second  node  <-node>  as  a 
reference  node  when  making  voltage  measurements.  Therefore, 
when  power  supplies  have  a connecting  terminal  incident  on 
the  ground  node,  this  node  should  be  written  as  the  second 
node.  This  is  not  a restriction  but  only  a notational 
convenience . 

If  the  power  supply  specification  starts  on  column  1 of 

input,  then  the  following  NOPAL  stimulus  statements  are 
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( < <+external  tt>  , <-external  tt>  > VOLT  - ESUPPLY 

( <value>  VOLT  , <int  resis>  OHM  ) ) 

( < <+external  tt>  , <-external  tt>  > AMP  ■ JSUPPLY 

( <value>  AMP  , <int  condt>  MHO  ) ) 


where  <+external  tt>  is  the  external  test  terminal  name  of 
the  circuit  node  <+node>»  and  <-external  tt>  is  the  external 
test  terminal  name  of  <-node>.  If  the  corresponding 
external  test  terminal  name  cannot  be  found  in  the  test 
terminals  input  section,  it  is  written  as  UNDEFINED_<node> 
where  <node>  is  either  <+node>  or  <-node>. 

All  other  NAP2  statements  in  this  section  are  copied 
into  the  NAP2  candidate  tests  library.  No  syntax  analysis 
is  performed  to  check  the  validity  of  the  specifications. 

If  the  power  supply  is  a voltage  source,  then  NAP2  and 
NOPAL  statements  are  generated  to  measure  the  current 
through  the  voltage  source.  The  NOPAL  statement  generated 


( < <+external  tt>  , <-external  tt>  > AMP  » AMPMETER 

( K+external  tt>_<no>  ) ) 

TARGET  : K+external  tt>  <no>  ; ” 


where  the  <+external  tt>  and  <-external  tt>  names  are  the 
corresponding  test  terminal  names  of  the  circuit  nodes 
indicated  on  the  voltage  supply  card.  <no>  is  the  sequence 


V*“  ' -v 


number  of  the  measurement  performed. 

If  the  power  supply  is  a current  source,  then  the 
voltage  across  it  is  measured.  The  NOPAL  statement 
generated  is: 


( < <+external  tt>  , <-external  tt>  > VOLT  » VOLTMETER 

( V<+external  tt>_<no>  ) ) 

TARGET  ; V<+external  tt>  <no>  ; 


If  the  target  ATE  test  language  has  different  function  names 
for  the  above  stimuli  and  measurements,  they  may  easily  be 
modified. 


EXAMPLE  1: 


DEFINE  THIS  IS  A DC  TEST 

RE15V  i 0 1.0  E 15  : 15VOLT  POWER  SUPPLY 

•MODIFY  V2  2.0  ITQOUT.&GBE  iMA 

END 


This  initial  condition  specification  connects  a 15  volt 
power  supply  with  1 ohm  internal  resistance  across  the 
circuit  nodes  1 and  ground.  Also  the  initial  condition  at 
node  2 is  set  to  2 volts,  and  the  bias  current  of  transistor 
TQOUT  is  set  to  1mA.  Thus  the  DC  solution  iterations  start 
from  these  initial  conditions  for  the  nominal  case  and  for 
all  failures  of  the  circuit  unless  they  are  otherwise 
modified  in  the  failure  definitions. 
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An  extension  to  the  initial  conditions  specification  described  above 
allows  the  user  to  control  all  the  NOPAL  and  NAP2  statements  to  be  generated. 
FITS,  then,  simulates  the  user  defined  tests  for  each  one  of  the  failures 
found  in  the  dictionary. 

This  option  is  indicated  to  the  FITS  system  by  specifying  DEFINF.  after 
the  BEGIN  keyword.  Then,  any  statement  which  begins  with  a colon  in  the 
first  column  is  considered  to  be  a NOPAL  statement  and  placed  in  the  NOPAL 
candidate  tests  library.  All  other  statements  are  put  into  the  NAP2  candi- 
date tests  library.  These  statements  are  not  checked  for  syntactic  or 
semantic  correctness. 

The  section  relating  to  NOPAL  statements  may  contain  any  valid  NOPAL 
statement.  FITS  automatically  fills  in  TEST  name,  ASSERTION  and  LOGIC  sec- 
tions of  the  corresponding  test  module  if  this  test  is  selected  to  be  per- 
formed in  the  final  specifications.  Furthermore,  the  STIMULI,  MEASUREMENT, 
CONJUNCTION  and  MESSAGE  keywords  are  recognized  if  they  are  the  first  svanbols 
in  an  input  card.  They  are  automatically  assigned  sequence  numbers.  If  a 
message  is  to  be  sent  to  the  operator  before  the  test  (operator  intervention 
may  or  may  not  be  required) , then  the  message  text  can  be  given  after  the 
MESSAGE  keyword.  All  necessary  instructions  should  be  accordingly  written  to 
define  the  message.  Tlie  command  which  sends  this  message  to  the  operator  is 
automatically  generated  in  the  "LOGIC"  section  of  the  test  module  when  the 
NOPAL  output  is  being  processed. 

All  other  statements  which  do  not  start  with  a colon  in  the  first  column 
are  NAP2  statements.  In  this  section,  the  user  has  to  provide  all  the  in- 
structions to  the  iNAP2  program  to  simulate  the  desired  test.  The  failure 
definitions,  test  identification  numbers,  and  the  "*RUN"  commands  are  auto- 
matically inserted.  Thus  the  user  can  perform  DC,  AC,  or  transient  analyses 

and  define  complex  stimulus  and  measurement  specifications. 
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EXAMPLE  2; 


BEGIN  DEFINE  A TEST  WITH  OPERATOR  INTERVENTION 

; STIMULI  : 

: CONJUCTION  ; 

! < INPUT  , GROUND  > VOLT  = ESOURCE  ( 5 VOLT  , 1 OHM  ) & 

; < PSIN  , GROUND  > VOLT  » ESOURCE  ( 12  VOLT  , 1 OHM  ) ; 

J MEASUREMENT  : 

; CONJUNCTION  : 

; < OUTPUT  , GROUND  > VOLT  = VOLTMETER  ( VOUTPUT  , 

: TARGET  ; VOUTPUT  ; 

; DIAGNOSIS  SPECIAL  ; (, .ADJUST, 0) , ? ; 

; MESSAGE  ADJUST  ; 

: • TURN  GAIN  SWITCH  TO  POSITION  5 AND  TYPE  Y * ; 

: /*  GAIN  SWITCH  POSITION  5 SETS  RGAIN  TO  2KOHM  */ 

•RGAIN  * 2KOHM 

RE5V  1 0 1 E 5 : INPUT  SIGNAL 

RE12V  20  1 E 12  ; POWER  SUPPLY 
RLOAD  3 0 lOOKOHM 
♦MODIFY  5 0.2  RGAIN 
♦DC  ♦WORST  V3 

END 


In  this  exiimplc,  a signal  source  5 VOLT  DC  is  applieJ  at  node  1 (.INPUTl, 
and  a voltage  source  Id  VOLT  DC  is  connected  to  the  power  supply  input 
node  2 (,PS1N).  ri\e  gain  control  resistance  is  changed  to  2K01iM  (.  + - dOT") 
which  is  on  a switch  that  the  operator  can  control.  A voltage  measurement 
is  taken  at  node  5 (.OUTPUT) . The  measurement  device  loads  the  out)nit  node 
to  the  groimd  witli  lOOKOUMS.  The  testing  takes  place  after  tlie  operator 
sets  the  switcii  to  position  5 and  replies  "Y"  to  the  request.  The  asser- 
tions and  fault  diagnosis  and  isolation  statements  are  automat ical ly 
generated  using  HITS  methodology. 


1.2  Job  Setup  Configurations 

There  are  several  ways  of  configuring  the  program  execution  sequence  in 
HITS  to  generate  test  specifications  to  the  desired  effect.  The  simplest 
configuration  is  described  with  the  aid  of  figure  A. 12.  The  job  control 
cards  to  set  up  this  configuration  is  provided  in  APPENDIX  C. 

The  process  starts  after  the  user  prepares  the  input  manually.  This 
input  is  given  to  the  file  initialization  program  (PI)  which  generates  the 
necessary  internal  files  from  the  user  input.  Then,  a failure  dictionary  is 
generated  (P2)  and  printed  (P3).  All  candidate  tests  using  CC , DC  or  user 
defined  test  strategies  are  placed  into  proper  files  (P4)  The  candidate 
tests  written  in  the  NAP2  language  are  analyzed  in  the  circuit  analysis 
program  NAP2  (P5) . The  output  of  the  failure  analysis  is  scanned  by  the 
symptom  generator  program,  and  a failure  symptom  table  is  prepared  (P6) . 

Then  this  table  is  evaluated  by  the  decision  limits  finder  program  (P7)  to 
generate  assertions  and  diagnoses.  The  decision  table  is  al.so  printed. 

Then  the  ambiguity  analysis  program  determines  the  equivalent  failure  groups 
and  indicates  if  the  fault  isolation  objectives  arc  satisfied  (PS).  The  user 
either  chooses  to  try  more  tests  (P9) , or  continues  to  optimization.  If 
more  tests  are  to  be  tried,  there  should  be  some  candidate  tests  remaining 
(PIO).  If  no  more  tests  are  available,  then  it  is  not  possible  to  improve 
on  the  fault  isolation  capability.  However,  if  there  are  some  more  tests, 
they  are  evaluated  starting  from  P4 . After  the  optimization  processes  (Pll), 
the  test  specifications  arc  produced  in  the  NOPAL  language  (P12) . 
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There  are  alternate  configurations  of  program  execution  combinations  to 
I generate  different  test  specifications  from  the  same  failure  symptom  table 

I (see  Figure  A. 13).  The  first  choice  is  in  the  decision  limit  finding 

process.  By  changing  the  accuracy  options,  the  user  may  generate  test 
! specifications,  each  requiring  different  levels  of  accuracy  from  the  test 

devices.  The  assertions  may  be  sorted  as  desired.  If  (S0RT=4)  is  specified 
(i.e.,  assertions  are  globally  sorted),  it  is  not  possible  to  minimize  the 
number  of  test  setups.  The  minimization  of  the  number  of  test  setups  may  be 
omitted  regardless  of  the  SORT  option.  The  user  has  the  choice  of  either 
. using  or  not  using  the  negations  of  the  assertion  outcomes.  If  diagnosis 

selection  is  to  be  based  on  the  passing  of  tests  only,  then  the  number  of 
I assertions  should  not  be  minimized.  If  the  number  of  test  setups  are  mini- 

mized, then  the  program  which  transforms  the  multiple  valued  decoder  matrix 

! to  a binary  valued  decoder  matrix  must  be  executed.  Next,  the  program  which 

i 

minimizes  the  number  of  assertions  (to  be  evaluated)  per  diagnosis  must  be 
executed.  If  the  user  wants  all  assertions  to  be  performed,  this  may  be  in- 

i 

I dlcated  in  the  accuracy  input.  However,  since  this  program  also  calculates 

j 

I some  statistics  about  the  test  specifications  and  prepares  data  to  the  NOPAL 

test  specification  writer  program,  it  must  still  be  executed.  If  the  tabular 
' NOPAL  specification  is  desired,  the  program  which  prints  this  table  may  be 

executed.  Finally,  the  program  which  generates  the  NOPAL  specifications  as 
input  to  the  bottom  part  of  NOPAL  can  be  executed. 


<ioENTiriER>  ;:=  <letter>  [<taiL>> 


<SUQSCRIPT_L1ST>  ::=  <ARITH_EXPR>  [ ,<ARITH.EXPR>]* 


<RELATI0NAL_EXPR>  ;:=  <ARITH_FXPR>  <RELATI0N>  <ARITH,EXPR> 


<conn_oim-EX>  ;:=  <conmector>  [<oimension>J 

? <CONNrCTOR>  :jr  <COhnECTOR_ID>  I < <connector_io>  [ ,<connector,io>j« 


<NOPAL_sPtciFic/>riON>  ::=  [nopal]  specification  [<SPEC.NAME>] 


<logop_oiagl3l>  ;:=  <logical_operator>  <oiag„label> 


a <AFTER>  !;=  A I A-i 

<«AVEFORMS>  ::=  <CONJUNCTiON>  I <ASSERT10N>  t<ASSERTXON>]* 

6 <conjunction>  conjUmCTIOn  <waveform.id>  : <conjunctxon.body> 

[<OECLARATlON>j*  I 


LIMIT  = <PR0TECTIVE_LIMITS>  I <COMMENTS> 


PAnAHETER=<PARH>  [ i PAR AMETEn=<PARM>J • 


<UUT_P0INT_I0> 


Al’l'lJ'^DIX  C 


rrrs  systi-m  i api'.  coNTiiNTs 


Standard  taju'  label 
rape 

Isoeord  size 
Block  si:o 


IdTS 

2400',  1/2",  SOOhpi 
80 

2400 


+- + 


NO 

1 

DATA  SET  NAME 

1 

DESCRIPTION 

1 

1 

1 

1 

NAP2.JCL 

1 

1 

1 

JCL  to  execute  the  NAP2  circuit 
analysis  proqram  on  IBM/370 
computers 

2 

1 

FITS.JCL 

1 

« ± 

JCL  to  execute  the  FITS  system 

3 

T 

1 

NAP2.0BJ 

1 

object  code  of  NAP2  oroqram 

4 

•T 

1 

PITS. OBJ 

1 

object  code  of  FITS 

5 

T 

1 

1 

1 

NAP2.SRC 

1 

1 

1 

X 

FORTRAN  source  code  of  NAP2  as 
supolied  by  the  Technical 
University  of  Denmark 

6 

T 

1 

1 

•+ — 

FITS. SRC 

1 

1 

4.- 

FORTRAN  source  code  of  the  FITS 
system 
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